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uzz  Opinions,  insights  from  Demo  2003 


By  Paul  McNamara 


Optimism  abounds 
. .  .justified  or  not 


When  will  the 
evil  econ¬ 
omy 
finally  lift  its 
foot  off  the  neck 
of  our  industry? 

"Soon"  was  the 
answer  offered  most  often 
at  last  week's  Demo  2003, 
where  rarely  was  heard  a 
discouraging  word  and  the 
skies,  if  not  sunny  all  day,  at 
least  didn’t  seem  ready  to  fall 
on  anyone’s  head. 

Speaker  after  speaker 
—  on  stage  and  in  pri¬ 
vate  —  emphasized 
the  approach  of  better  times, 
while  muttering  the  obligatory 
qualifiers. 

A  cynic  might  say  rose-colored 
eyewear  was  in  high  fashion,  but 
there  were  few  cynics  on  the 
grounds. 

“It's  a  great  time  to  start  a 
company,"  said  Julio  Estrada, 
founder  of  Kubi  Software,  an 
e-mail-based  collaboration  new¬ 
comer  that  drew  well-deserved 
praise.  "The  talent  we’ve  been 
able  to  put  together  is  unbeliev¬ 
able  . . .  and  our  recruiting  costs 
are  zero.” 

Patience  is  again  a  virtue,  we 
were  told,  as  venture  capital¬ 


ists  reportedly  are  willing 
to  give  start-ups 
four  years  to 
fly,  nearly 
twice  the 
window  afford¬ 
ed  a  few  years 
ago. 

On  the  other 
hand,  Demo 
organizers  —  who 
run  this  elite  invi¬ 
tation-only  event 
Network  World 
owns  —  had  to 
sift  through  only  half 
of  the  1,000  companies 
screened  in  prior  years  to  find 
this  show’s  61  invited  vendors. 
The  quality  might  be  higher,  but 
such  a  thinning  of  the  herd  does¬ 
n't  come  with¬ 


out  a  price. 

There  might 
have  been  a 
quiet  undercur¬ 
rent  of  con¬ 
cern  about  the 


■  Review: 
Spam  busters 
Cloudmark  and 
MailFrontier  go 
head  to  head 
at  Demo.  See 
page  42. 


economy  — 

and  war —  but  a  ransom  note 
couldn’t  get  some  of  these  entre¬ 
preneurs  to  acknowledge  any 
serious  misgivings. 

“We've  got  people  paying  for 

See  Buzz,  page  62 


Costs,  security 
vex  VoIP  users 


■  BY  PHIL  HOCHMUTH 

WASHINGTON,  D.C.  —  Return 
on  investment  and  budget  con¬ 
straints  are  the  biggest  road¬ 
blocks  to  convergence  projects. 

Or  so  say  large  corporate  cus¬ 
tomers  attending  last  week’s 
VoiceCon  conference,  where  dis¬ 
cussions  focused  on  the  business 
of  planning,  securing  and  cost- 
justifying  IP  telephony 

Despite  the  snow  that  inundated 
the  East  Coast  last  week,  more 
than  3,000  attendees  came  to 
Washington  to  see  keynote  ad¬ 
dresses,  lively  vendor  debates  and 
educational  sessions.  Money 
issues  took  center  stage. 

“We  have  to  look  at  our  current 
infrastructure  and  all  the  [com¬ 
puter  telephony]  applications 


that  are  out  there,  and  ask  —  what 
can  be  done  on  our  current  sys¬ 
tem  that  can’t  be  done  with  IP?  — 
before  we  go  to  the  board  [of 
directors]  and  ask  them  for 
money  for  a  major  technology 
change  that  will  make  them  ner¬ 
vous,”  said  Doug  Crawford,  direc¬ 
tor  of  network  services  for  Kaiser 
Permanente,  the  largest  nonprofit 
HMO  in  the  U.S. 

Crawford  has  hundreds  of 
PBXs,  thousands  of  pieces  of  net¬ 
work  equipment  to  support  and  a 
$25-million-a-year  budget. 

David  Morgan,  vice  president  of 
architecture  and  planning  at 
Fidelity  Investment  Systems,  said, 
“ROI  is  a  real  issue  with  the  ex¬ 
pansion  of  any  of  our  IP  tele¬ 
phony  plans.  I  ask  other  people 
in  my  position,  who  may  have  IP 


Spammers  hiding 
behind  students 


■  BY  JOHN  FONTANA 

University  networks  already 
stressed  by  file-sharing  programs, 
viruses  and  hackers  now  face  a 
new  threat:  students  who  sublet 
their  network  access  to  spam¬ 
mers  for  as  little  as  $20  per 
month. 

Tufts  University,  a  151-year-old 
school  in  Medford,  Mass.,  last 
month  discovered  spammers 
were  paying  students  to  offer  up 
their  PCs  as  relay  points  that 


helped  mask  the  true  source  of 
the  spam.  While  university  net¬ 
work  executives  interviewed 
were  not  aware  of  other  cases  on 
U.S.  campuses,  the  phenomenon 
has  cropped  up  in  Israel. 

The  problem  came  to  light  at 
Tufts  after  the  school  received  a 
flood  of  complaints  that  its 
domain  was  the  source  of  spam, 
says  Lesley  Tolman,  director  of 
networks  and  telecommunica¬ 
tions  at  Tufts. The  practice  isn’t  so 
See  Spammers,  page  60 


telephony  pilots  out,  why  they 
don’t  go  all  the  way,  and  they  say 
it’s  a  money  issue,”  and  the  ability 
to  show  ROI. 

“I  have  a  fixed  IT  budget  and  a 

See  VoiceCon,  page  61 


Blade 

servers 

attack  data  center 


►  The  promise  of  high  density 
and  simplified  management  is 
drawing  converts. 


Managing  collaboration  can  be  challenging. 
That’s  why  there’s  Windows  XP  and  Office  XP. 


Recognize  any  of  those  issues?  Or,  perhaps,  all  of  them?  We  thought  so. 
Many  of  these  issues  can  be  related  to  your  legacy  desktop  software; 
fortunately,  many  of  them  can  be  addressed  by  features  in  Microsoft* 
Windows®  XP  Professional  and  Office  XP  Professional.  Want  specific 


Ie*m«»i»»«*1 


examples?  Windows  XP  Professional  offers  built-in  audio  and  video-con¬ 
ferencing  capabilities  that  make  the  whole  experience  easy  and  intuitive 
for  your  end  users.  With  the  Send  for  Review  feature,  Office  XP  Professional 
lets  users  easily  assign  roles  to  everyone  involved  in  the  document  review 


cycle,  while  automatically  providing  the  correct  tools  for  each  reviewer 
and  allowing  changes  to  be  easily  merged  back  into  the  original  document. 
And  finally,  several  new  features  make  deployment  easier  than  ever.  For 
more  ideas  about  managing  your  desktops,  visit  microsoft.com/desktop 


V'  •  j  ...  ■ 


-  ,-vy/J-A,  7  *»V 


S'  ■! 


WTzmi-  ■'  T-:>  • 


£■  ^  •• 


:  -s  if® 


m. 


Pain  Management 

for  Business 


m-'-m:®':,- ... 

I"  '•*  ■»  </  •  V-* 

1  ■  • '{r^r  ‘ -t  •■ 


,  v  y^;:/;  ■ 

A'  v  ,  rc  ’  .#,*/*£££  *•  •  / ,f: 

£  ;  4 — V 

•>;-«> •;  k'Vv’j-V. '•  -i&Z':'. 


Where  does 


:  V  • 

\rK;.X- 
v  •/  ’ 

:  'S'  ,.•/ 


^.Eg 

;  J 


T  *•>**’ 


;>  v  -v .. 


Pain  Management 


• : 


Sprint  is  a  recognized  leader  in  handling  IT  pain.  Our  customers  believe  itr  and  so  will  you. 


Inflamed  costs?  Bloated  inventories? 

Fractured  networks?  Strained  security? 

Sprint  feels  your  pain.  And  we  may  be 
equipped  to  do  something  about  it. 

Surprised?  Don't  be.  In  a  recent 
study  by  J.D.  Power  and  Associates, 

Sprint  was  ranked  highest  in  customer 
satisfaction  with  business  high  end 
data  service  providers.  That's  in  addition 
to  a  second  J.D.  Power  and  Associates 
award  for  highest  customer  satisfaction 
with  business  long  distance  telephone 
service  providers.  Clearly,  this  is  pain 
relief  that  has  shown  it  can  handle 
the  toughest  industry  headaches. 

A  healthy,  new  approach:  as  much  pain  management 
as  you  need.  Think  of  Sprint  communications  solutions 
as  targeted  relief,  identifying  the  pain  at  its  source, 
then  offering  up  remedies  working  with  your  existing 


IT  investment.  Virtually  wherever  it  hurts, 
you'll  have  the  Sprint  broad  portfolio  of 
IT  services  to  call  on:  Sprint  IPVPNSM, 

IP  Intelligent  Frame  Relay,  Dedicated  IP, 
DSL,  and  Sprint  Frame  RelaySM.  And 
when  it  stops  hurting,  we  can  provide 
you  data,  wireless,  and  IP-based  solutions 
that  can  enable  secure  and  ready  access 
to  key  information  when,  where,  and 
how  you  need  it.  Now  that  should  make 
any  business  feel  — and  work— a  whole 
lot  better. 

If  you  think  of  Sprint  as  just  a  long¬ 
distance  provider,  it's  time  for  a  second 
opinion.  Maybe  you're  already  using 
Sprint  to  resolve  your  long-distance  aches  and  pains. 
Let  us  show  you  how  we  can  provide  communications 
solutions  at  the  next  level:  your  level.  Speak  to  a  Sprint 
representative  today  and  just  tell  us  where  it  hurts. 


I  Quick  Pain  Relief:  Sign  up  with  Sprint  and  get  a  Cisco  router  worth  up  to  $3,500  free* 

Call  1  877  519-1714  or  visit  www.sprintbiz.com/relief4. 


One  Sprint.  Many  Solutions 


Voice/Data  PCS  Wireless  Internet  Services  E-Business  Solutions  Managed  Services 


•To  qualify  for  promotion,  customers  must  purchaseTI/EI  port  with  a  2-  or  3-year  contract  term.  Installation  is  an  optional  service  that  can  be  purchased.  Promotion  expires  3/31/03.  Restrictions  apply. 
Additional  terms  and  conditions  may  apply.  Promotion  subject  to  change  or  cancellation  without  notice.  Not  valid  with  other  promotions.  Contact  a  Sprint  representative  for  further  details.  J.D.  Power 
and  Associates  2002  Major  Provider  Business  Telecommunications  Service  Study*.  High  End  Data  segment  includes  frame  relay,  ATM,  and  other  packet/cell  technologies.  Study  conducted  among  3,055 
businesses  with  2-500+  employees  that  subscribe  to  major  providers  in  the  high  end  market,  www.jdpower.com.  Copyright  ©  Sprint  2003.  All  rights  reserved.  Sprint  and  the  diamond  logo  are  trademarks 

of  Sprint  Communications  Company  L.R 
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1 8  OASIS  gives  OK  to  Web  services  standard. 

1 8  Hunt  for  worms  shifts  to  LAN  traffic. 

1 10  Web  surfing  and  secure  VPNs  can  be  compatible. 

1 10  HP  jumps  into  IP  storage  with  iSCSI  router. 

112  FCC  review  is  a  split  decision. 

12  IBM  targets  users  through  partner  network. 

14  Polycom  releases  slew  of  products. 

14  HIPAA-compliant  back-up  device  on  tap. 

16  Cometa  Networks  CEO  reveals  further  details  on  start-up. 
16  Microsoft  acquisition  to  help  infiltrate  data  centers. 

60  More  spammer  tricks. 


Infrastructure 

■  19  West  Point  learns  wireless 
lessons. 

■  19  New  device  could  reduce 
XML-related  bottlenecks. 

■  20  Dave  Kearns:  Software 
costs:  There  are  no  free  kittens. 

■  22  Special  Focus: 

Partitioning  bonanza:  Unix  servers. 

Enterprise 

Applications 

■  25  Managing  digital  rights. 

■  25  Tacit  brings  together  like- 
minded  users. 

■  28  Scott  Bradner:  Is  it  tea 

time  again? 

Service  Providers 

■  31  Equant  launches  DSL  for  IP 
VPN  users. 

■  31  AT&T  Wireless  to  lend  Palm 
users  a  hand. 

■  32  Johna  Till  Johnson: 

Gherchez  I'application. 

The  Edge 

■  33  Nortel  unfolds  VoIP  service 
road  map. 

■  33  Cisco  unveils 
router  for 
managed 
services. 


Technology  Update 

■  35  Security,  efficiency  are  key 
to  Advanced  Encryption  Standard. 

■  35  Steve  Blass:  Ask  Dr. 

Internet. 

■  36  Mark  Gibbs:  Services 
from  any  app. 

■  36  Keith  Shaw:  Cool  tools, 
gizmos  and  other  neat  stuff. 

Opinions 

■  38  Editorial:  Forget  phone 
cameras:  give  me  apps. 

■  39  Todd  Brooks:  Secure 
start-ups  will  fare  best  in  ’03. 

■  39  James  Kobielus:  Web 

services  need  traffic  management. 

■  62  BackSpin:  White  box  or 
brand  name? 

Management 

Strategies 

■  49  Tackling  tough  projects: 
Companies  move  from  individual 
heroics  to  project  management  to 
get  IT  rollouts  done. 


Skyscape  is 
bundling  medical 
reference  soft¬ 
ware  on  Palm 
ml  30s. 


Page  36 


Features 

Blades  target  data  center:  a  new 

approach  combines  server  blades,  storage,  networking 
and  power  supply  in  one  chassis.  Corporations  can  reap 
savings  on  data  center  management  and  space  costs, 

Page  40. 


Attacking  spam  at  the  net¬ 
work's  edge:  Results  from  our  exclusive  test 
of  e-mail  gateways  from  MailFrontier  and  Cloudmark. 

Page  42. 

Sector  Spotlight:  Life  sciences  companies 
face  a  special  test  when  it  comes  to  storage.  Find  out 
how  they  handle  huge  amounts  of  data. 

Page  46. 
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TROY  DOOLITTLE 


www.nwftision.com 


Interactive 


Online  exclusive:  Life  sciences  spotlight 

After  reading  how  technologies  are  transforming  the  life  sciences  industry 
in  our  Sector  Spotlight  (page  46),  head  online  to  see  how  regulatory 
requirements  for  the  industry  pose  a  mqjor  data  storage  and  manage¬ 
ment  challenge. 

DocFinder:  4438 

Weblog:  Live  from  Demo 

Our  editors  give  you  the  inside  scoop  on  the  latest  products  that  made 
their  debut  at  Demo  last  week. 

DocFinder:  4338 

Seminars  and  Events 


Columnists 


Get  the  latest  on  wireless  technology 

Wireless  LAN  technology  is  one  of  the  hottest  IT  topics  today.  Join  Tom 
Henderson  for  Network  World's  Technology  Tour,  "Wireless  LANs: 

Building  and  Managing  a  Well-Integrated  802.11  Network,"  and  discover 
how  you  can  seamlessly  meld  wireless  technology  into  your  company 
today. 

DocFinder:  4344 

■  CONTACT  US  NetworkWorld,  118 Turnpike  Road,  Southborough, 
MA  01772;  Phone:  (508)  460-3333;  Fax:  (508)  490-6438; 

E-mail:  nwnews@nww.com;  STAFF:  See  the  masthead  on  page  14 
for  more  contact  information.  REPRINTS:  (717)  399-1900 

SUBSCRIPTIONS/CHANGE  OF  ADDRESS:  Phone:  (508)  490-6444; 
Fax;  (508)  490-6400;  E-mail:  nwcirc@nww.com; 

URL;  www.subscribenw.com 


Compendium 

An  Epiphany  in  Web  browsers 

Fusion  Executive  Editor  Adam  Gaffin  focuses  on  Epiphany,  the 
new  Web  browser  for  the  Linux  GNOME  set. 

DocFinder:  4439 

Telework  Beat 

Virtual  call  centers  fight  to  keep  jobs  in  the  U.S. 

Net.Workcr  Managing  Editor  Toni  Kistner  talks  to  call  center 
experts,  who  cite  better  quality  of  service  and  national  secu¬ 
rity  concerns  as  reasons  those  jobs  should  stay  on  home 
soil. 

DocFinder:  4440 

Small  Business  Tech 

In  Columnist  James  Gaskin's  review  of  Buffalo  Technology's 
AirStation  802.11g  he  says  the  router  is  full-featured,  easy  to 

set  up  DocFinder:  4441 

Home  Base 

Home-office  tax  fallacies 

Not  sure  whether  to  take  the  home-office  deduction? 
Columnist  Jeff  Zbar  offers  advice  on  smart  fling. 

DocFinder:  4442 


What  is  DocFinder? 

We’ve  made  it  easy  to  access  articles  and 
resources  online.  Simply  enter  the  four-digit 
DocFinder  number  in  the  search  box  on  the 
home  page,  and  you’ll  jump  directly  to  the 
requested  information. 
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News 


Recording  industry  warns 
network  owners 

■  The  Record  Industry  Association  of 
America,  in  conjunction  with  the  Motion 
Picture  Association  of  America,  last  week 
mailed  a  brochure  to  the  Fortune  1000 
companies  that  warns  them  to  prevent 
copyright  abuses  on  their  computers  and 
networks  or  face  consequences.  The  guide 
suggests  that  companies  should  advise 
employees  against  unauthorized  copying  of 
music  and  videos,  because  doing  so  puts 
employers  in  legal  jeopardy  RIAA  noted 
that  companies  can  face  stiff  fines  for  viola¬ 
tions.  For  example,  Integrated  Information 
Systems  paid  a  $1  million  settlement  last 
April  when  employees  were  found  to  be 
accessing  and  distributing  music  files  on 
the  company  server. 

Ex-Microsoft  exec  fires  parting  shot 


BRIAN  GAI 


TheGood  FheBadTheUgly 


Heard  at  Demo  2003  .  You  know  the 

mind-numbing  children's  song  "Wheels  on  the  Bus”? 
Well,  Demo  attendees  were  treated  to  a  hypnotic  rock 
version  that  had  parents  in  the  crowd  asking  where 
the  recording  can  be  bought.  Here's  where: 
www.mothergooserocks.com. 


Divine  intervention  needed.  Business 

incubator-turned-software  conglomerate  Divine  last 
week  said  that  after  months  of  cost-cutting  moves,  it 
will  explore  strategic  alternatives  -  including  filing  for 
bankruptcy  protection  -  to  ensure  continued  operations 
The  company  was  founded  in  1999  by  the  colorful  Andrew 
"Flip"  Filipowski,  who  has  expanded  Divine  through  dozens 
of  acquisitions  much  in  the  same  way  he  grew  his  earlier 
company,  Platinum  Technologies,  before  selling  it  to  Computer 
Associates.  With  Divine  racking  up  $160  million  in  losses 
for  the  first  nine  months  of  2002,  having  CA  come  to  the 
rescue  this  time  around  might  be  a  long  shot.  > 


The  trouble  with  Wi-Fi  .  At  last  week's  Demo  conference  half  the  audience  members  were  on 
their  wireless  laptops  connected  to  the  'Net  over  802.11b.  These  are  some  of  the  most  tech-savvy  people  on 
the  planet,  a  collection  of  entrepreneurs,  venture  capitalists  and  industry  gurus ...  and  yet,  there  was  Joel 
Snyder,  a  Network  World  Global  Test  Alliance  member,  sitting  in  the  room,  running  a  sniffer  program  that  was 
picking  up  lots  of  unencrypted,  unprotected  wireless  traffic,  including  IP  addresses  and  passwords.  With  a  simple 
mouse  click,  he  opened  an  e-mail.  Scary  stuff  when  you  consider  that  even  people  supposedly  in  the  know  aren't 
taking  security  seriously. 


■  Microsoft  must  embrace  the  diversity  of  open  source 

software  or  face  oblivion,  David  Stutz.a  departing  Microsoft  executive,  wrote  in  his  farewell 
letter  to  the  company  when  he  retired  last  month.  Stutz,  a  respected  technical  thinker  at 
Microsoft, sees  networked  software  as  the  future  for  computing.“If  Microsoft  is  unable  to 
innovate  quickly  enough  or  to  adapt  to  embrace  network-based  integration,  the  threat  that 
it  faces  is  the  erosion  of  the  economic  value  of  software  being  caused  by  the  open  source 
software  movement,”  Stutz  wrote  in  the  letter  that  he  posted  on  his  Web  site.  “Useful  soft¬ 
ware  written  above  the  level  of  the  single  device  will  command  high  margins  for  a  long 
time  to  come.  Stop  looking  over  your  shoulder  and  invent  something!”  he  wrote  to 
Microsoft. “If  the  PC  is  all  that  the  future  holds,  then  growth  prospects  are  bleak.”  Microsoft 
said  in  a  statement  that  it  “agrees  with  much  of  the  vision  Dave  [Stutz]  has  for  the  future.” 
However,  the  company  added  that  it  believes  “breakthrough  innovations  will  come  most¬ 
ly  from  commercial  software  companies  such  as  Microsoft.” 

Google  grabs  Weblog  company 

■  Search  powerhouse  Google  has  acquired  Pyra  Labs,  the  company  behind  Weblog  site 
Blogger,  giving  it  a  boost  in  Web  content  and  services.  The  acquisition,  which  was  dis¬ 
closed  in  a  posting  on  the  Blogger  site,  also  will  let  Google  leapfrog  into  the  burgeoning 
Weblog  market,  which  has  been  gaining  steam  as  increasing  numbers  of  ’Net  users  dis¬ 
cover  the  ease  of  use  and  flexibility  of  online  publishing.  Weblogs  are  Web  pages  con- 

COMPEND1U  M 


sisting  of  short,  frequently  updated  posts,  much  like  a  diary.  Four-year-old  Pyra  Labs, 
which  is  in  San  Francisco,  has  managed  to  make  a  significant  foothold  in  Weblogging  — 
also  known  as  “blogging” —  growing  its  base  of  registered  users  to  more  than  1  million. 
The  basic  service  is  free,  although  the  company  does  have  a  premium  version. Terms  of 
the  deal  were  not  announced. 

Security  flaws  flagged  in  Domino 

■  Three  security  flaws  could  let  attackers  run  malicious  code  on  machines  running  IBM’s 
Lotus  Domino  or  iNotes  software.  Next  Generation  Security  Software,  a  consulting  com¬ 
pany  in  Sutton,  England,  disclosed  the  flaws  last  week.  Using  a  vulnerability  in  the  iNotes 
messaging  software,  a  remote  attacker  could  gain  control  of  a  Domino  server  by  provid¬ 
ing  an  overly  long  value  in  a  request  for  Web-based  mail  services.  A  second  vulnerability 
affects  the  Domino  6  application  server  software.  Using  the  flaw,  an  attacker  could  create 
a  buffer  overrun  by  supplying  false  and  excessively  long  host  names  in  a  request  for  a  doc¬ 
ument  or  view  that  is  stored  in  a  Lotus  database.  After  triggering  the  overrun,  attackers 
could  execute  their  own  code  under  the  account  running  the  Domino  Web  Service 
process,  gaining  control  of  the  Domino  server.  A  third  vulnerability,  found  in  an  ActiveX 
client  control  used  by  the  iNotes  software,  allows  an  attacker  to  execute  malicious  code 
on  a  remote  machine  that  is  attempting  to  use  iNotes  Web-based  messaging  features.The 
vulnerabilities,  which  were  found  in  Release  6.0  of  Lotus  Notes  and  Domino,  have  been 
patched  by  IBM  in  the  6.0.1  maintenance  release. 


Open  source  at  Network  World 

File  this  under.  Right  tool  for  the  job.  Network  World  is  an  Oracle  shop,  but  Fusion 
Executive  Editor  Adam  Gaffin  explains  why  Network  World  Fusion  is  installing  the  free 
MySQL  database  -  to  support  a  Weblogging  application  that  works  with  the  latter  but 
not  the  former.  Read  more  at  www.nwfusion.com,  DocFinder:  4446. 


IDG:  Asia  soon  to  be  tops  in  developers 

■  The  region  with  the  highest  number  of  developers  in  the  world  soon  will  be  changing, 
according  to  IDC. While  North  America  claimed  this  top  spot  in  2001 ,1DC  is  predicting  that 
by  2005,  Asia-Pacific  will  have  the  most  people  employed  in  the  field.  Over  the  next  five 
years,  the  growth  in  this  region  —  particularly  in  China  and  India  —  is  expected  to  be 
much  greater  than  in  North  America. 
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Building  carrier  class  enterprise  networks 


Availability  in  enterprise  networks  has  improved  in  recent 
years  -  but  it's  come  at  a  price,  and  still  doesn't  approach  what 
you  expect  from  carrier  networks. 

Is  your  data  network  less  important  than  your  voice  network? 
In  many  cases,  it's  even  more  critical. 

Building  a  carrier  class  enterprise  network  means 
continuous  network  operation  from  the  edge  to  the 
core,  so  that  network  failures  have  zero  impact  to 
the  end  user  and  mission-critical  applications  are 
always  accessible. 


Alcatel's  next-generation  enterprise  products  have  integrated 
technologies  that  ensure  carrier  class  availability  and  high 
performance  to  the  enterprise,  without  a  cost  premium. 

Alcatel  has  a  history  of  innovation  and  proven 
leadership,  and  has  been  building  carrier 
networks  around  the  world  for  over  half  a  century. 

Carrier  class  is  a  distinction  you  have  to  earn. 
We've  earned  it  and  now  deliver  it  to  your 
enterprise  with  the  next  generation 
OmniSwitch  family. 


Alcatel  redefines  availability 

for  the  enterprise 


www.alcatel.com/enterprise 

(800)  995-2612 
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OASIS  gives 
OK  to  Web 
services 
standard 

■  BY  JOHN  FONTANA 

Corporate  demand  for  better 
Web  services  security  technol¬ 
ogy  got  another  shot  in  the  arm 
last  week  after  a  standards  body 
finalized  work  on  an  XML-based 
access  control  protocol. 

The  Organization  for  the  Ad¬ 
vancement  of  Structured  Infor¬ 
mation  Standards  (OASIS)  gave 
its  stamp  of  approval  to  the  Ex¬ 
tensible  Access  Control  Markup 
Language  (XACML),  which  has 
been  in  development  for  almost 
two  years.  The  standard  is  de¬ 
signed  to  alleviate  the  patchwork 
of  access  control  policies  com¬ 
panies  use  today  that  are  written  j 
in  proprietary  languages  specific 
to  each  device  or  application,  an 
inflexible  system  that  creates  an 
administrative  nightmare. 

XACML  includes  an  access  con¬ 
trol  language  and  request/  j 
response  language  that  let  devel¬ 
opers  write  policies  dictating 
what  users  can  access  on  a  net¬ 
work  or  over  the  Internet. XACML 
likely  will  show  up  in  firewalls, 
servers  and  Web  access  manage 
ment  software  but  also  could  be 
used  as  the  basis  for  gateways  to 
connect  disparate  access  control 
policy  engines. 

“XACML  is  for  any  point  on  the 
Internet  that  has  to  make  a  deci¬ 
sion  on  authorization,”  says  Hal 
Lockhart,  co-chair  of  the  XACML 
technical  committee  at  OASIS. 

OASIS  also  is  working  on  the 
Security  Assertion  Markup  Lan¬ 
guage  (SAML), which  was  ratified 
late  last  year.  XACML  and  SAML 
are  complementary  in  support¬ 
ing  identity  management  and 
authentication  and  authorization 
for  Web  services. 

“XACML  builds  on  SAML  to  en¬ 
sure  the  right  people  have  access 
to  the  right  things  at  the  right 
time,"  says  Jamie  Lewis,  president 
of  Burton  Group. 

But  Lewis  says  companies  will 
still  have  to  work  out  the  differ¬ 
ences  between  their  access  poli¬ 
cies.  “XACML  won’t  make  Com¬ 
pany  As  policies  automatically 
meaningful  to  Company  B,”  he 
says. 

IBM  and  Sun  are  among 
the  major  players  supporting 
XACML  ■ 


Hunt  for  worms  shifts  to  LAN  traffic 

Intrusion-prevention  system  vendors  introduce  devices  for  containing  Slammer-like  outbreaks. 


An  inside  job 


The  latest  intrusion-prevention  systems  are  designed  to  catch  those  worms  that 
attack  from  deep  inside  a  corporate  network. 


a 


The  first  wave  of  IPS  boxes  sit  at  a  corporate 
network's  perimeter  to  block  worms  ordenial- 
of-service  attacks  emanating  from  the  Internet. 
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The  latest  versions  sit  behind  a  router 
to  block  attacks  introduced  by  employees 
ore-business  partners. 
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■  BY  ELLEN  MESSMER 

Some  makers  of  intrusion-pre¬ 
vention  systems  designed  to  ac¬ 
tively  block  harmful  traffic  such 
as  last  month’s  MS-SQL  Slammer 
worm  are  arguing  that  strategies 
should  shift  from  guarding  the 
corporate  Internet  perimeter  to 
setting  up  IPS  appliances  deep 
within  the  LAN. 

By  deploying  an  IPS  internally  a 
company  can  detect  and  auto¬ 
matically  block  any  worm  out¬ 
break  that  might  occur  across  the 
LAN  if  employees  or  business 
partners  with  internal  access  in¬ 
troduce  one  into  the  system. 
Silicon  Defense  and  TippingPoint 
Technologies  separately  are  intro¬ 
ducing  such  products  this  week. 
The  approach  remains  novel  be¬ 
cause  companies  are  just  warm¬ 
ing  to  the  notion  that  they  auto¬ 
matically  should  block  traffic  at 
all,  even  at  the  Internet  perimeter. 

Managed  security  firm  Ubizen 
recently  produced  a  report  on 
Slammer,  noting  that  although  the 
worm  was  “easily  stoppable  on 
the  perimeter  infrastructure,” 
some  of  its  customers  were  hit 


from  inside  “trusted  parties,”  in¬ 
cluding  dial-up  links, roaming  lap¬ 
tops  and  third-party  connections. 

Worm  containment' 

Silicon  Defense  CEO  Stuart 
Saniford  advocates  for  what  he 
calls  “worm  containment,”  which 
is  what  his  company  says  its 
CounterMalice  product  can  do. 

“A  worm  is  always  going  to  get 
inside  your  organization,  and  you 
need  worm  containment  inside,” 
Saniford  says.  CounterMalice  is 
an  appliance  with  500M  bit/sec 
throughput  that’s  supposed  to  be 
installed  across  LAN  segments 
based  on  an  analysis  Silicon 
Defense  would  do  for  the  com¬ 
pany  so  a  worm  that  has  begun 
to  spread  can  be  immediately 


detected  and  blocked. 

“You  have  to  react  within  sec¬ 
onds,  and  you  must  have  an 
automated  engine,”  Saniford 
says.  “Waiting  for  a  systems  ad¬ 
ministrator  is  hopeless.  The  goal 
is  to  contain  it  early’ 

Rather  than  use  signature- 
based  detection,  CounterMalice 
blocks  worm  activity  through  a 
process  largely  based  on  recog¬ 
nizing  aberrant  IP  traffic  patterns 
—  Saniford  calls  it  “IP  behaving 


badly”  —  which  might  be,  for 
instance,  an  outburst  of  scanning 
typical  of  worms  in  search  of  a 
new  victim  machine. 

CounterMalice,  which  starts  at 
$25,000,  has  a  rudimentary  com¬ 
mand-line  interface,  but  that 
might  improve  by  the  time  the 
product  ships  in  April,  according 
to  Saniford. 

TippingPoint's  bid 

TippingPoint,  which  already 
sells  the  UnityOne  2000  signa¬ 
ture-based  intrusion-prevention 
appliance  that  reaches  2G 
bit/sec,  is  introducing  three  IPS 
appliances  for  use  inside  corpo¬ 
rate  networks. 

UnityOne  400  supports  400M 
bit/sec,  UnityOne  1200  supports 


1.2G  bit/sec,  and  UnityOne  2400 
reaches  2.4G  bit/sec.  Each  has 
eight  ports  that  support  Ethernet, 
Fast  Ethernet  or  Gigabit  Ethernet 
speed  internal  LANs.  The  same 
management  console  can  con¬ 
figure  and  receive  reports  from 
all  three  devices,  which  can 
block  about  850  types  of  attacks. 
They  cost  $43,000,  $65,000  and 
$97,000,  respectively. 

“The  UnityOne  2400  is  best  for 
use  inside  a  data  center^  CEO 
John  McHale  says.  TippingPoint 
has  added  failover  capability  to 
the  appliances  so  Layer  2  switch¬ 
ing  takes  over  if  the  in-line  appli¬ 
ance  fails.  The  devices  support 
several  routing  protocols,  includ¬ 
ing  Interior  Gateway  Protocol. 

While  TippingPoint  still  advo¬ 
cates  deploying  an  IPS  at  the 
Internet  perimeter  to  stop  worms 
and  other  types  of  attacks,  in¬ 
stalling  an  IPS  internally  is  an  ad¬ 
ditional  safeguard,  McHale  says. 

One  UnityOne  customer  says 
that  is  the  approach  he  takes.  At 
the  University  of  Dayton  in  Ohio, 
it’s  not  uncommon  for  students 
to  introduce  computer  viruses 
via  their  laptops  onto  the  cam¬ 
pus  LAN,  CIO  Tom  Danford  says. 
The  university  uses  UnityOne 
2000  inside  the  LAN. 

“There’s  always  the  possibility 
we  might  be  blocking  legitimate 
traffic,  but  in  our  experience,  it 
always  ends  up  being  malicious,” 
Danford  says. 

By  May  TippingPoint  expects  to 
add  ways  to  use  the  appliances 
internally  to  prevent  copyright 
violations. 

Most  organizations  today  de¬ 
ploy  what’s  known  as  “passive 
intrusion-detection  systems”  that 
monitor  and  report  suspicious 
activity,  but  don’t  block  it.  IPS 


appliances,  including  those  from 
IntruVert  Networks,  NetScreen 
Technologies,  Internet  Security 
Systems, Top  Layer  Networks  and 
Check  Point,  are  not  widely 
accepted. 

Expect  to  see  more  intrusion- 
prevention  products  from  tradi¬ 
tional  intrusion-detection  system 
(IDS)  vendors. 

“IPS  are  the  next  generation  of 
firewalls  at  the  proxying  level,” 
says  Martin  Roesch,  Sourcefire’s 
president.  “We’re  planning  on 
releasing  an  IPS  product,  proba¬ 
bly  later  this  year.  But  we  still 
think  you  will  need  both  IDS  and 
IPS  as  a  surveillance  and  net¬ 
work-monitoring  technology” 

Network  World,  the  Tolly  Group 
and  NSS  Group  are  among  the 
organizations  planning  to  test 
the  active  blocking  capability  of 
IPS  products  later  this  year.B 
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■  THIS  WEEK’S  QUESTION: 


What  was  the  name  of 
the  company  that 
created  ICQ,  the  instant¬ 
messaging  technology 
now  owned  by  AOL? 

Answer  this  and  nine  addtional  questions 
online  and  you  could  win  $500!  Visit 

Network  World  Fusion  and  enter  1349 
in  the  Search  box. 

www.nwfusion.com 


HA  worm  is  always  going 
to  get  inside  your  organiza¬ 
tion,  and  you  need  worm 
containment  inside. 91 


Stuart  Saniford 

CEO,  Silicon  Defense 
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Enhancing  Backup  Strategies  for 
Mission-Critical  Information 

Quantum ’s  DX30  solves  backup  and  recovery  bottlenecks 
with  a  disk-based  solution  that  emulates  a  tape  library. 


There  is  no  alternative:  When  it  comes  to 
business  success,  corporations  must  have  easy 
access  to  vital  information,  and  they  must  have 
it  immediately. 

"IT  management  has  been  tasked  to  ensure 
that  data  is  accessible  24  hours  a  day,  7  days 
a  week,"  says  Dave  Kenyon,  product  line 
manager  for  Enhanced  Backup  at  Quantum, 
a  leading  provider  of  storage  solutions 
based  in  Milpitas,  Calif.  "When  shrinking 
backup  windows  are  compounded  with 
increased  backup  and  restore  requirements, 
IT  managers  are  forced  to  concentrate  on 
the  backup  process  and  put  other  critical  IT 
projects  on-hold." 

Clearly,  the  pressure  is  on  for  IS  managers  to 
provide  timely,  reliable  backup  and  recovery 
services  to  ensure  that  business  leaders  can 
obtain  vital  information  any  time,  anywhere.  But 
just  as  corporate  demands  for  data  accessibility 
have  risen  to  an  all-time  high,  so  too  has 


the  difficulty  of  quickly  and  reliably  backing  up 
that  data.  IS  managers  must  grapple  with  the 
tough  reality  of  backing  up  exponentially 
increasing  amounts  of  company  data  in  a 
steadily  shrinking  window  of  time,  says  Steve 
Kenniston,  an  analyst  at  Enterprise  Storage 
Group,  an  independent  research  firm  based  in 
Milford,  Mass. 

"As  companies  become  more  global  and 
people  all  over  the  world  need  to  access 
data,  there  is  no  time  during  the  night  when 
nobody  is  trying  to  access  information,"  he 
points  out.  Meanwhile,  many  companies 
report  that  their  volume  of  stored  data  is 
growing  at  an  annual  rate  of  40  percent  to  75 
percent. 

This  leaves  data  center  folks  between  a 
rock  and  a  hard  place:  Tape  libraries  can  be 
just  too  slow  to  reliably  back  up  data  in  the 
little  time  available.  Moreover,  it  can  take  days 
to  recover  data  that’s  stored  on  tape — days 
that  many  companies  don’t  have. 

But  the  CEO  doesn’t  want  to  hear 
about  how  long  it  takes  to  back  up 
data,  reports  Shane  Jackson,  Quantum’s 
director  of  business  development.  "He  just 
wants  to  know  why  his  employees  can’t 
get  at  the  data  when  they  need  to,"  says 
Jackson.  "As  a  result,  system  administrators 
are  in  the  hot  seat — if  they  can’t  recover 
the  data  when  they  need  to,  it  could 
mean  their  job,  and  if  they  take  too  long 
backing  it  up,  it  could  mean  the  same 
thing." 


"As  companies  become  more  global 
and  people  all  over  the  world  need  to 
access  data,  there  is  no  time  during 

the  night  when  nobody  is  trying  to 
access  information." 

—  Steve  Kenniston, 

Analyst,  Enterprise  Storage  Group 

The  Answer:  Implement  an 
Enhanced  Backup  Strategy 

Many  experts  advise  companies  faced  with 
this  intractable  problem  to  enhance  traditional 
tape-based  backup  technology  with  disk 
subsystems.  For  example,  the  Quantum  DX30 
disk-based  backup  system  can  address  these 
critical  problems  by  offering  vastly  increased 
backup  and  recovery  speeds,  better  reliability 
and  hassle-free  implementation.  "By  storing 
mission-critical  data  on  the  DX30,  IS  employees 
can  rest  comfortably  knowing  that  they  can 
restore  data  rapidly  and  reliably,  reducing 
downtime  for  business  users,"  says  Kenyon.  The 
DX30  brings  the  following  strengths  to  the  data 
center: 

•  Speed.  Rather  than  writing  at  the  speed 
of  tape,  the  DX30  runs  at  an  80  MB  per 
second  clip,  which  can  cut  backup  and 
recovery  time  drastically.  That  translates 
into  businesses  not  having  to  wait  to 
access  important  data. 

•  Reliability.  The  DX30’s  hot-swappable 
disk  drives  further  enhance  its  reliability. 

Continued  on  Next  Right  Hand  Page 


Separation  of  Backup  and  Archive  Targets 


Learn  how  Enhanced  Backup  Strategies  can  protect  your  business 


with  a  FREE  white  paper  and  consultation  from  Quantum. 


Visit  us  at  www.quantum.com/dx30edu 
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¥PN  experts  downplay  ‘splitting’  headache 

Most  say  split  tunneling  does  not  necessarily  undermine  security. 


■  BY  TIM  GREENE 

At  a  time  when  protecting  cor¬ 
porate  networks  is  paramount, 
many  users  are  steering  clear  of  a 
feature  of  IP  Security  VPNs  called 
split  tunneling,  a  move  that  can 
give  a  false  sense  that  remote- 
access  networks  are  more  secure 
than  they  really  are,  experts  say 

Split  tunneling  was  created  to 
allow  Web  surfing  and  corpo¬ 
rate  VPN  access  simultaneously 
from  remote  PCs. The  benefit  of 
split  tunneling  is  that  corpora¬ 
tions  can  conserve  bandwidth 
needed  for  Internet  access  at 
VPN  hub  sites  and  reduce  the 
load  on  VPN  gateways. 

But  with  this  feature, if  a  remote 
PC  is  connected  directly  to  the 
Web  and  at  the  same  time  tied 
into  the  VPN,  attackers  coming 
on  from  the  Web  could  com¬ 
mandeer  the  PC  and  gain  access 
to  the  corporate  network  (see 
graphic,  right). 

“Vulnerabilities  with  the  [PCs 
operating  system]  and  the  appli¬ 
cations  running  on  the  client 
might  expose  the  VPN,  since  the 
client  machine  is  essentially  act¬ 


ing  as  a  type  of  router,”  says  Kur¬ 
ds  Lawson,  a  network  engineer 
with  NetCare  Services, a  network 
consultancy 

While  this  could  happen,  it  is 
unlikely,  experts  say 

“The  security  threats  are 
theoretically  possible,  but  you 
should  spend  your  time  worry¬ 
ing  about  other  things,” says  Paul 
Hoffman,  executive  director  of 
the  VPN  Consortium,  a  group  of 
VPN  vendors  working  toward 
interoperability. 

“Users  need  to  make  sure  they 
don’t  rely  on  split  tunneling  to  do 
more  than  it  can  provide,”  says 
Wray  West,  former  CTO  of  VPN 
vendor  Indus  River,  now  part  of 
Enterasys. 

“It’s  one  of  the  challenges  of 
security  People  are  desperate  to 
get  a  handle  on  it  and  can  over¬ 
simplify  it,”  he  says.“Blocking  split 
tunneling  is  a  little  safer  than  not 
blocking  it,  but  not  hugely  safer” 

Shut  off  split  tunneling 

Shutting  off  split  tunneling  isn’t 
a  cure-all  to  fend  off  attacks,  be¬ 
cause  the  integrity  of  the  remote 
PC  doesn’t  have  to  be  compro¬ 


mised  while  it  is  connected  to 
the  VPN  to  cause  damage.  It  can 
just  as  easily  be  compromised 
while  the  user  is  Web  surfing 
with  the  VPN  tunnel  turned  off, 
then  do  damage  the  next  time 
the  VPN  is  turned  on.  Viruses  or 
back  doors  downloaded  while 
surfing  would  threaten  the  VPN, 
West  says. 

Using  personal  firewalls  on  all 
the  remote  PCs  would  mitigate 
the  threat  of  them  being  compro¬ 
mised,  but  properly  installing, 
configuring  and  updating  them 
would  create  more  work.  And  re¬ 
mote  users  could  disconnect 
them  to  free  up  processing  power 
to  improve  Internet  response 
time.  Some  VPN  vendors,  includ¬ 
ing  Check  Point,  Cisco  and  Net- 
Screen  Technologies,  are  trying  to 
combat  this  via  optional  policy 
servers  that  run  configuration 
checks  before  remote  PCs  can 
log  on. 

The  best  way  to  rule  out  Web- 
borne  attacks  is  to  prevent  all  PC 
Internet  use  except  to  connect  to 
the  VPN,  and  that  is  just  what  a 
major  Pennsylvania  food  manu¬ 
facturer  is  doing,  says  the  compa¬ 


ny’s  network  architect.  While  he 
could  not  allow  use  of  his  com¬ 
pany’s  name,  he  says  company- 
issued  PCs  are  locked  down  by 
the  IT  staff  before  they  are  hand¬ 
ed  out  so  users  cannot  surf. 

If  split  tunneling  is  denied,  re¬ 
mote  users  still  can  surf  the  Web, 
but  only  through  the  VPN.  In  the 
absence  of  split  tunneling,  Web 
browsing  is  funneled  over  the 


HP  set  to  roll  out  IP  storage  router 

Company  also  boosts  performance  of  network-attached  storage  appliances. 


■  BY  DENI  CONNOR 

ORLANDO  —  HP  will  announce  its  entry 
into  the  IP  storage  market  today  with  an  iSCSI 
storage  router,  which  lets  SCSI  data  be  trans¬ 
ported  across  a  Gigabit  Ethernet  network. 

Although  HP  declined  com¬ 
ment,  the  StorageWorks  iSCSI 
router  will  debut  at  its  ENSA 
@Work  conference  in  Orlando. 

Sources  say  the  router  attaches 
to  the  network  via  two  Gigabit 
Ethernet  ports  and  to  storage 
arrays  via  two  Fibre  Channel 
connections.  Cisco  manufac¬ 
tured  it  for  HP  but  it  will  not  be 
sold  as  a  separate  Cisco  product. 

At  the  ENSA@Work  conference 
in  Amsterdam  last  month,  HP  de¬ 
monstrated  a  prerelease  version 
of  the  product  connected  to  a 
ProLiant  BLIOe  blade  server  and 
a  Fibre  Channel  storage-area  net¬ 
work  for  configurations  where 
network-attached  storage  (NAS) 
would  not  work.  HP  also  demon¬ 
strated  iSCSI  over  a  wireless 


Ethernet  network. 

Analysts  say  HP’s  support  of  iSCSI  needs  to 
go  further. 

“I  don’t  see  this  to  be  a  significant  an¬ 
nouncement,”  says  Roger  Cox, chief  analyst  for 
Gartner.  “It  reminds  me  of  vendors  that  have 


announced  that  they  now  [are  upgrading 
their  arrays  to]  support  146G  byte  disk  drives.” 

“It  is  another  step  in  the  evolution  of  iSCSI, 
albeit  a  small  one”  says  Anders  Lofgren, 
senior  analyst  at  Giga  Information  Group. 
“The  bigger  question  is,  when  will  major  stor¬ 
age  vendors  introduce  native 
support  for  iSCSI  on  their  array 
products,  especially  the  mid¬ 
range  offerings.” 

HP  has  claimed  it  will  an¬ 
nounce  native  iSCSI  arrays  in  the 
next  year.  IBM  and  Network  Ap¬ 
pliance  were  the  first  major  sys¬ 
tems  or  storage  vendors  to  intro¬ 
duce  iSCSI  arrays.  EMC,  Hitachi 
Data  Systems  and  StorageTek 
have  not  announced  plans. 

In  a  related  announcement,  HP 
is  expected  to  reveal  that  it  has 
increased  the  performance  of  its 
StorageWorks  b2000,  b3000, 
e7000  and  e8000  NAS  appliances 
by  as  much  as  40%  by  adding 
faster  Intel  processors. 

The  StorageWorks  router  costs 
$10,000  and  is  available  now.B 


An  iSCSI  panoply 

Here  is  a  sampling  of  iSCSI  products  that  lets  SCSI  data 
be  transported  across  Ethernet  networks. 


Vendor 

Product 

Device 

Alacritech 

1000x1  sin^e-port  Server  and  Storage  Accelerator 

Adapter 

Cisco 

SN5420  and  SN5428  Storage  Routers 

Switch 

HP 

Name  unknown 

Switch 

IBM 

TotalStorage  IP  Storage  2001 

Storage  array 

Intel 

Pro/1000  T  IP  Storage  Adapter 

Adapter 

Network  Appliance 

F800,  FAS900  filers 

Array 

Nishan  Systems 

IPS  3000  and  4000 

Switch 

SANRAD 

SANRAD  iSCSI  V  Switch 

Switch 

Stonefly  Networks 

Storage  Concentrator  ilOOO  and  i1500 

Switch 

VPN  to  the  central  VPN  gateway, 
tying  up  gateway  processor  time 
and  eating  up  bandwidth  on  that 
site’s  internet  link.  Then  the  traf¬ 
fic  is  routed  back  onto  the  Inter¬ 
net  over  the  same  link,  eating 
bandwidth  a  second  time. 

Running  Web  traffic  through  the 
VPN  subjects  the  traffic  to  screen¬ 
ing  by  the  corporate  firewall  and, 
for  those  who  want  it,  to  central¬ 
ized  content  filtering  to  keep 
users  away  from  restricted  sites. 
Traffic  coming  through  one 
router  is  easier  to  log. 

But  users  also  should  be  pre¬ 
pared  to  take  the  predictable  hit 
on  Internet  bandwidth  consump¬ 
tion  when  they  turn  off  split  tun¬ 
neling,  Hoffman  says.  If  band¬ 
width  and  the  load  on  the  VPN 
gateway  are  not  issues,  then  deny¬ 
ing  split  tunheling  will  do  no 
harm,  he  says. 

For  those  who  decide  to  allow 
it,  experts  recommend  these  pre¬ 
cautions  as  a  way  to  minimize 
risk: 

•  Require  use  of  a  personal 
firewall  on  remote  PCs. 

•  Make  sure  PC  operating  sys¬ 
tems  and  applications  have  up¬ 
dated  security  patches. 

•  Require  use  of  virus-scanning 
software  and  update  it  religiously 

•  Use  a  policy  server  that  denies 
VPN  access  unless  the  remote 
machine  has  proper  security 
installed  and  turned  on.B 


Subscribe  to  our  free  newsletter. 
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Internet 


Split  tunnel  threat? 


Letting  remote  access  VPN  users  surf  the  Internet  while 
connected  to  the  corporate  VPN  is  viewed  by  some  as 
a  security  weakness. 


At  the  same  time,  the  user  is 
allowed  to  surf  the  Internet  at 
large  rather  than  being  limited  to 
reaching  the  corporate  VPN  server. 


Corporate 


A  VPN  user  connects  to  the 
corporate  network  over  an 
Internet  VPN  tunnel. 


network 


Google 


The  user  s  PC  is  hacked  and  the 
attacker  can  connect  to  the  corporate 
network  via  the  VPN  tunnel. 


Amazon 
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"If  you  have  a  tape  drive  fail,  you  might 
have  a  major  interruption  in  your  backup 
job;  with  a  disk-based  system  the  failure 
of  one  drive  won’t  prevent  you  from 
completing  a  backup,"  says  Jackson. 

•  Ease  of  integration.  Implementing 
disk-based  systems  in  a  traditional  tape 
environment  can  present  significant  inte¬ 
gration  challenges.  Many  industry  experts 
point  to  the  DX30  as  a  smart  solution, 
because  the  system  emulates  the  traditional 
automated  tape  library.  The  result?  There’s 
no  need  for  a  so-called  "forklift  upgrade," 
and  companies  don’t  waste  the  significant 
investments  they’ve  already  made  into 
tape  libraries.  "Because  of  Quantum’s 
emulation  approach,  this  is  easy  to  use  for 
a  guy  who  already  knows  how  to  back  up 
to  tape,"  says  Jackson.  "The  way  you  back 
up  to  a  DX30  will  be  exactly  the  same." 

In  addition,  tape  management  software  from 
a  host  of  vendors — such  as  Legato,  Atempo  and 
VERITAS  Software — work  perfectly  with  the 
DX30.  Don  Peterson,  a  senior  product  manager 
at  VERITAS,  says  the  DX30  is  a  system  adminis¬ 
trator’s  dream.  "The  Quantum  DX30  provides  a 
disk-based  backup  solution  that  operates 
seamlessly  with  existing  tape  backup  software, 
such  as  VERITAS  NetBackup,"  he  says.  "The 
DX30  simulates  a  tape  library,  so  the  adminis¬ 
trator  isn’t  required  to  learn  a  new  backup 
paradigm,  and  it  eliminates  problems  associated 
with  tape  media." 

As  companies  rely  ever  more  heavily  on 
technology  to  conduct  business,  access  to  online 
information  will  only  increase  in  importance. 
That’s  why  smart  IS  managers  will  implement  an 
enhanced  backup  strategy.  After  all,  by  supporting 
the  needs  of  business  users,  they  support  the 
success  of  the  business  itself. 


Learn  how  Enhanced  Backup 
Strategies  can  protect  your  business 
with  a  FREE  white  paper  and 
consultation  from  Quantum. 
Visit  us  at 

www.quantum.com/dx30edu 


Building  a  Rock  Solid 
Storage  Strategy 

Database  File  Tech's  reputation  as  ‘ The  Fort 
Knox’  of  data  storage  rests  securely  cm  the  DX30. 


The  folks  at  Database  File  Tech  (DBFT) 
understand  the  importance  of  corporate  data. 
In  their  business,  they  have  to.  The  Victoria, 
British  Columbia-based  organization  has  built  a 
sterling  reputation  for  safekeeping  the  electronic 
assets  of  myriad  government  agencies  and 
corporations.  The  company’s  bunker-like  vault 
of  a  building  is  anchored  to  a  mile-wide  plug  of 
solid  rock,  able  to  withstand  a  9.5  earthquake  on 
the  Richter  scale.  So  when  it  came  time  to 
purchase  disk-based  backup  for  their  company, 
small  wonder  the  executives  chose  the  speed 
and  reliability  of  Quantum’s  DX30. 

"People’s  data  is  our  livelihood  here,"  says 
Bob  Gignac,  the  director  of  business  develop¬ 
ment  at  DBFT.  "We  understand  that  corporate 
data  is  critical  to  corporations  worldwide  and 
that  they  need  to  be  able  to  restore  their  data 
quickly  in  the  event  of  a  technical  outage." 

That  need  for  speed  led  DBFT  to  search  for 
a  disk-based  backup  system  in  the  summer 
of  2002.  It  was  becoming  obvious  that  the 
tape-based  storage  systems  from  Quantum’s 
competitors  couldn’t  keep  up  with  the 
demands  of  the  growing  company.  "Fast 
recovery  is  very  important  to  our  clients,"  says 
Gignac.  "If  they  have  a  hard-drive  crash,  they 
need  to  be  up  and  running  in  hours,  not  days. 
Their  businesses  demand  it."  Gignac  and 
Maurice  Auger,  director  of  operations  at  DBFT, 
began  reviewing  the  company’s  backup 
capabilities  to  look  for  a  reliable  alternative 
that  would  allow  faster  restoration  of  client 
data.  They  looked  at  disk-based  products  from 
companies  such  as  EMC,  Network  Appliance 
and  IBM.  While  fast  and  scalable,  these 


products  were  not  simple  to  install  in 
coryimction  with  the  tape  library  already  in  use 
at  DBFT.  Their  integration  and  management 
challenges  caused  Gignac  and  Auger  to  keep 
shopping.  Finally,  Atempo,  DBFT’s 
storage  management  software  provider, 
suggested  that  Gignac  take  a  look  at 
the  DX30  from  Quantum.  It  was  fast, 
scalable  and  didn’t  pose  the  integration 
challenges  inherent  in  many  disk- 
based  storage  subsystems.  DBFT 
signed  up  for  Quantum’s  trial  program 
for  the  DX30  and  was  immediately  hooked.  "It 
tested  at  280  gigabytes  per  hour,"  Gignac  says, 
and  the  fact  that  it  works  seamlessly  with 
Atempo’s  Time  Navigator  meant  that  there 
was  no  integration  problem  at  all — the 
software  recognized  the  DX30  the  minute  it 
was  plugged  in. 

As  for  reliability,  Gignac  says,  "It’s  a  joy.  We 
tested  the  DX30  for  about  five  months  and  it  had 
no  problems  at  all.  Best  of  all,  there  are  no 
worries  about  tapes  deteriorating  or  ripping,  or 
somebody  having  to  change  out  tapes.  That 
factor  isn’t  even  entered  into  the  equation." 

Best  of  all,  DBFT  clients,  who  access  their 
data  via  the  Internet,  "have  near  instant  access 
to  their  data,"  says  Gignac.  "They  don’t  have  to 
wait  for  a  tape  to  be  loaded." 

The  management  team  at  DBFT  is  so  bullish 
on  the  DX30  that  they  plan  to  use  it  extensively 
at  the  new  remote  mirrored  facility  under 
construction  in  Prince  George  at  the  University 
of  Northern  British  Columbia’s  Research  and 
Development  Park.  The  new  site  will  be 
equipped  with  another  DX30  for  its  SANs.  "It’s 
enabling  us  to  branch  out,"  says  Gignac.  "Prior 
to  implementing  the  DX30,  our  market  was 
primarily  Victoria,  B.C.,  due  to  the  physical 
nature  of  tape,  as  well  as  its  transport  and 
archival  requirements.  With  the  DX30,  there  are 
no  geographical  limits  to  our  sendee. " 

In  fact,  Gignac  says  he  can’t  see  the  end 
of  the  demand  for  DX30s  at  his  company. 
"When  you  have  clients  with  terabytes  of  data 
that  they  need  stored,  restored  and  protected, 
the  DX30  is  not  only  a  good  solution  for  our 
clients,  it’s  good  business  for  us." 


a 


For  Bob  Gignac,  director  of 
business  development  at 
Database  File  Tech,  buying  the 
DX30  meant  faster,  more  reliable 
data  backup  and  recovery. 
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FCC  review  looked  at 
as  a  split  decision 


IBM  targets  users 
through  partner  network 


■  BY  MICHAEL  MARTIN 

WASHINGTON,  D.C. —  Industry  observers 
are  split  over  whether  the  unbundling  rules 
the  Federal  Communications  Commission 
issued  last  week  favor  incumbent  local 
exchange  carriers  or  their  competitors. 

While  early  interpretators  viewed  the  de¬ 
cision  as  a  blow  to  the  ILECs,  driving  stock 
prices  down, some  see  it  as  a  win. 

“The  [regional  Bell  operating  companies] 
will  say  they’re  not  happy  because  the  state 
regulators  will  have  a  role”  determining 
how  some  of  the  rules  are  applied,  says 
Thomas  Nolle,  president  of  telecom  con¬ 
sultancy  CIMl.“But  realistically  they  come 
out  of  this  with  the  key  issue,  which  is  basi¬ 
cally  universal  exemption  of  new  broad¬ 
band  infrastructure  from  unbundling.” 

The  momentous  decision,  one  of  the 
most  heavily  lobbied  telecom  issues  in 
recent  years,  deals  with  what  network  ele¬ 
ments  —  broadband  facilities,  lines  and 
switches  —  the  ILECs  have  to  make  avail¬ 
able  to  competitors  on  a  so-called  unbun¬ 
dled  basis.lt  fur¬ 
ther  spells  out 
what  role  states 
will  play  in  dic¬ 
tating  what  will 
be  unbundled. 

On  the  na¬ 
tional  broad¬ 
band  front,  the 
FCC  ruled  that 
the  ILECs  will 
not  have  to 
share  new  fiber 
facilities  to  resi¬ 
dential  areas  or 
businesses.  The 
ILECs  have  long  complained  that  the 
requirement  to  share  new  facilities  served 
as  a  disincentive  to  build  out  new  plant. 

Observers  say  this  ruling  could  encour¬ 
age  the  ILECs  to  start  investing.  But  others 
say  there’s  no  guarantee  that  will  happen, 
in  part  because  the  ILECs  might  have  to  get 
state  approval  before  moving  broadband 
customers  from  copper  networks  to  fiber. 

“The  bottom  line  is  this  day  was  sup¬ 
posed  to  be  a  day  of  clarity,  with  the  gun 
for  investment  in  the  broadband  market 
finally  going  off’’  says  Matthew  Davis,  an 
analyst  with  Tire  Yankee  Group.“But  with 
this  decision,  the  gun’s  still  pointing  up  in 
the  air  unfired.” 

Also  on  the  broadband  front,  the  com¬ 
mission  elected  to  phase  out  line-sharing 
over  the  next  three  years,  a  blow  to  com¬ 
petitive  DSL  providers  such  as  Covad 
Communications. 

Line-sharing  lowers  costs  for  DSL  carri¬ 
ers  by  letting  them  provide  service  over 
the  same  copper  loops  the  ILECs  use  to 
provide  voice  service,  rather  than  having 


to  lease  separate  loops  from  the  LECs  at 
higher  prices. 

The  ILECs  had  argued  that  in  the  resi¬ 
dential  broadband  market  they  have  to 
compete  with  cable  companies  that  don’t 
have  to  share  lines, so  the  ruling  should  be 
removed  to  level  the  playing  field.  Business 
DSL  connections  from  Covad  and  other 
providers  won’t  be  affected  because  these 
lines  already  rely  on  loops  dedicated 
exclusively  to  DSL  service  and  don’t  rely 
on  line-sharing. 

The  switching  rub 

In  terms  of  switching,  FCC  Chairman 
Michael  Fbwell  had  pushed  for  lifting  the 
requirement  for  ILECs  to  make  switch  facil¬ 
ities  available  to  competitors  as  an  unbun¬ 
dled  element  (UNE).  But  the  FCC  majority 
overruled  him,  retaining  the  status  quo,  at 
least  for  the  near  term. 

While  competitive  local  exchange  carri¬ 
ers  (CLEC)  that  rely  on  UNE  switching  to 
deliver  service  won’t  lose  that  capability 
immediately  the  FCC  decision  contains  a 


k  IThe  nation  will  now  embark 
on  51  m^jor  state  proceed¬ 
ings  to  evaluate  what  elements 
will  be  unbundled  and  made 
available  to  CLECs.  9  9 

Michael  Powell 

Chairman,  FCC 


sunset  clause  that  would  see  it  phased  out 
over  three  years  if  a  state  finds  that  compe¬ 
tition  won’t  be  hurt  by  doing  so.  The  FCC 
will  set  the  standards  for  determining 
whether  or  not  phasing  out  UNE  switching 
will  hurt  competition. 

Coleen  Boothby,  a  partner  at  law  firm 
Levine,  Blaszak,  Block  &  Boothby  in 
Washington,  D.C.,  which  specializes  in 
negotiating  telecom  contracts  for  corpo¬ 
rate  clients,  described  the  FCC  decision  as 
a  “dark  day  for  CLECs.” 

But  Drew  Walker,  president  and  COO  of 
1TC  DeltaCom.a  CLEC  in  Georgia, says  the 
FCC  decision  is  neither  a  total  victory  nor 
a  total  defeat  for  companies  like  his.  One 
issue  he  says  he’s  still  not  clear  on  is  how 
the  FCC  will  deal  with  new  packetized  ser¬ 
vices,  such  as  voice  over  IP 

AT&T  issued  a  statement  calling  the  deci¬ 
sion  a  “difficult  compromise.”  AT&T,  which 
resells  UNE  switching,  says  the  decision 
will  help  preserve  the  existing  UNE  struc¬ 
ture.  But  the  carrier  also  says  the  FCC 
See  Ruling,  page  61 


■  BY  ANN  BEDNARZ 

NEW  ORLEANS  —  IBM  is  putting  more 
weight  behind  two  key  objectives:  deliver¬ 
ing  “on-demand”  products  and  services  so 
users  can  adopt  more  flexible,  utility-like 
infrastructures;  and  developing  products 
tailored  for  small  and  midsize  businesses. 

To  bring  its  partners  up  to  speed  with  this 
agenda,  IBM  last  week  unveiled  a  slew  of 
products  and  services  at  its  annual 
PartnerWorld  conference. 

IBM  depends  heavily  on  its  90,000  busi¬ 
ness  partners  —  a  prolific  group  responsi¬ 
ble  for  producing  31%  of  Big  Blue’s  annual 
revenue.  By  embedding,  installing  and  cus¬ 
tomizing  IBM  wares,  independent  software 
vendors  and  resellers  bring  in  customers 
IBM  can’t  get  to,  because  many  are  too 
small  for  IBM  to  reach  through  direct  sales. 

Partners  are  critical  to 
taking  e-business  to  the 
next  phase,  said  Mike 
Borman,  IBM’s  general 
manager  of  global  busi¬ 
ness  partners.  Businesses 
need  to  be  able  to  re¬ 
spond  quickly  when  cus¬ 
tomer  demand  shifts  or 
a  potential  competitor 
emerges,  Borman  said. 

The  challenge  for  IBM 
and  its  partners  is  to  help 
businesses  integrate  IT 
systems  and  processes 
internally  as  well  as  with 
customer  and  supplier  systems. 

“There’s  plenty  of  on-demand  opportun¬ 
ity  for  all  of  us,"  Borman  said.“New  services 
opportunities  for  consultants  and  integra¬ 
tors,  new  application  opportunities  for  soft¬ 
ware  companies,  and  new  hardware  and 
middleware  opportunities  for  resellers, 
solution  providers  and  distributors  —  all  of 
which  will  help  make  our  customers  more 
competitive,  productive  and  cost-efficient.” 

IBM  is  investing  $100  million  in  on-de¬ 
mand  resources  for  its  business  partners, 
Borman  told  attendees.  The  company  an¬ 
nounced  new  training  resources;  assess¬ 
ment  tools  for  analyzing  customers’  on- 
demand  requirements;  sales  tools  such  as 
customer  presentations  and  references; 
and  the  availability  of  26  on-demand  prod¬ 
uct  offerings  for  partners  to  sell,  including 
IBM’s  Express  line  of  infrastructure  soft¬ 
ware  for  small  and  midsize  businesses,  its 
eServer  BladeCenter  family  and  Linux  clus¬ 
tering  gear. 

On  the  small  and  midsize  business  front, 
Big  Blue  unveiled  the  IBM  Small  and 
Medium  Business  Advantage  —  a  $500  mil¬ 
lion  campaign  aimed  at  helping  IBM  part¬ 
ners  penetrate  the  small  and  midsize 
(SMB)  market. 

“SMB  is  the  fastest-growing  customer  seg¬ 


ment  in  the  industry,  with  no  dominant 
market-share  leaded  Borman  said. 

Other  announcements  at  FcirtnerWorld: 

•  Additions  to  IBM’s  Express  line  of  infra¬ 
structure  software,  designed  for  small  and 
midsize  companies  with  between  100  and 
1,000  employees.  DB2  Express,  which  runs 
on  Linux  and  Windows,  features  self-tuning 
and  self-configuring  characteristics  to 
reduce  database  management  complexity 
IBM  Tivoli  Storage  Resource  Manager 
Express  installs  in  as  few  as  15  minutes  and 
is  designed  for  deployment  on  single¬ 
processor  desktops,  the  company  said.Two 
Lotus  Domino  Express  products  tackle 
e-mail  and  collaborative  applications. 

•  IBM  Community  Tools  is  Big  Blue’s  new 
suite  of  peer-to-peer  applications  for  con¬ 
necting  IBM  eServer  iSeries  users  with 
each  other  and  with  IBM  business  partners 

via  one-to-many  instant 
messaging.  IBM’s  goal  is 
to  make  it  easier  to 
exchange  technical  in¬ 
formation  and  re¬ 
sources.  The  suite  in¬ 
cludes  a  messaging 
client  that  combines 
IBM  MQ  Event  Broker 
for  broadcast  messag¬ 
ing,  IBM  Lotus  Sametime 
for  enterprise  instant 
messaging,  and  Web  ser¬ 
vices  running  on  Web¬ 
Sphere  and  DB2. 

•  IBM  Solutions  Grid 
for  Business  Fortners  provides  a  grid-com¬ 
puting  environment  in  which  vendors  can 
run  their  applications  in  a  simulated  dis¬ 
tributed  computing  environment. Giving  its 
partners  access  to  IBM  testing  infrastruc¬ 
ture  will  help  vendors  deliver  grid  products 
more  quickly  because'they  won’t  have  to 
build  test  setups,  IBM  said. 

•  IBM  announced  that  Nortel  is  building 
advanced  LAN  switches  for  IBM’s  eServer 
BladeCenter  line.  The  Nortel  switch  mod¬ 
ules  will  enable  traffic  management 
among  the  server  blades  and  let  users  con¬ 
solidate  dedicated  switches,  routers  and 
appliances  that  provide  traffic  manage¬ 
ment,  IBM  said. 

•  New  storage  products,  including  the 
TotalStorage  FAStT  900  midrange  disk  stor¬ 
age  array;  and  TotalStorage  Linear  Tape- 
Open  Ultrium  2  drive,  designed  for  archiv¬ 
ing  and  disaster  recovery,  which  doubles 
the  capacity  and  speed  of  previous  mod¬ 
els,  according  to  IBM. 

•  IBM’s  software  group  unveiled  “Web 
services  on-demand”  programs  for  devel¬ 
opers,  customers  and  business  partners. 
The  goal  is  to  improve  Web  services  skills 
and  speed  up  Web  services  adoption  in 
the  financial  services,  insurance  and  man¬ 
ufacturing  industries,  IBM  said.B 


IBM  business  partners 
contributed 

$25 

billion 

to  its  $81  billion  2002 
revenue. 


©2003  Quantum  is  a  trademark  of  Quantum  in  the  United  States  and  other  countries.  All  other  trademarks  are  the  property  of  their 
respective  companies.  Specifications  are  subject  to  change  without  notice.  For  more  information,  call  1-866-827-1 500. 


The  leader  in  data  protection  introduces  the  new  "best  practice"  for  backup.  With  backup  windows  shrinking 
and  data  restore  time  more  critical  than  ever,  the  Quantum  DX30  is  the  logical  next  step  in  data  protection.  With 
the  Quantum  DX30,  you  can  now  take  advantage  of  the  speed  of  disk-based  storage  to  backup  and  archive  in  less 

time,  with  greater  confidence,  and  zero  changes  in  your  existing  hardware,  software 
and  operational  procedures. 

Buckle  up  for  backup  speeds  that  exceed  288GB/hour!  The  Quantum  DX30  enhances 
existing  tape  libraries  by  separating  the  backup  target  from  the  backup  archive.  And 
DX30  provides  data  transfer  rates  that  surpass  288GB/hour,  both  the  backup  and  restore 
d.  At  the  same  time,  the  Quantum  DX30  utilizes  RAID-protected  disks  to  boost 
:ompletion  beyond  99%! 

Only  Quantum  could  rewrite  the  book  on  backup.  Leveraging  over  a  decade  of 
experience  in  data  protection,  Quantum  developed  the  most  cost-effective  way  to  bridge 
the  gap  between  traditional  backup  systems  and  the  complex  and  costly  practice 
of  mirroring  and  replication  hardware  and  software.  The  result  is  the  Quantum  DX30. 


Quantum 

DX30 


because  the  Quantum 
windows  are  minimize 
confidence  in  backup  < 


Get  up  to  speed  and  receive  a  chance  to  win  a  Cannondale  bicycle  worth  over  $2,500.  Visit  us  on 

the  Web  at  www.quantum.com/DX30/ad  to  get  a  free  copy  of  "Disk-Based  Backup  —  The  Next  Generation  of 
Enhanced  Backup  Solutions"  and  register  to  win. 

Speed.  Intelligence.  Confidence.  From  the  world's  leader  in  data  protection. 
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Polycom  bolsters  video  net  wares 


Conferencing  everywhere 

Polycom  slowly  is  combining  the  fruits  of  its  PictureTel 
and  Accord  acquisitions  into  a  set  of  products  that 
combine  the  best  of  audio,  video  and  data  collaboration. 

Strengths 

•  Can  offer  complete  package  from  audio  and  video  endpoints 
to  network  equipment  with  software  to  manage  it  all. 

•  Can  offer  variety  of  endpoint  types,  including  set-top  appliances 
PC-based  systems  and  room-based  executive  systems. 

•  Supports  proposed  H.264  video  standard,  which  helps  cut  in 
half  the  amount  of  bandwidth  needed  for  a  quality  video  call. 

Challenges 

•  While  H.264  is  good,  it's  not  ratified  as  a  standard  yet,  so  there 
could  be  minor  tweaks  still  to  come. 

•  Stiffer  competition  from  video  endpoint  makerTandberg  and 
Web  conferencing  services  such  asWebEx. 

•  As  3G  wireless  proliferates,  the  company  will  need  to  mix  video 
capabilities  of  newer  phones  with  traditional  videoconferencing. 


■  BY  JASON  MESERVE 

PLEASANTON,  CALIF  —  After 
years  of  product  acquisition  and 
integration  work,  Fblycom’s  goal 
of  helping  customers  use  video, 
audio  and  data  conferencing  on 
any  network  from  just  about  any 
endpoint  could  finally  be  coming 
to  fruition. 

The  company  this  week  will  roll 
out  a  variety  of  enhancements, 
from  new  appliance  software  to 
new  videoconferencing  end¬ 
points,  intended  to  ease  customer 
management  of  conferencing  re¬ 
sources,  improve  IP  connections 
with  lower  bandwidth  require¬ 
ments,  and  simplify  mixing  of 
voice  and  video  on  a  single  call. 

In  2001,  Polycom  acquired  rival 
PictureTel  and  network  equip¬ 
ment  maker  Accord  Networks  in 
an  effort  to  provide  a  more 
rounded  offering  of  voice,  video 
and  data  collaboration  products, 
although  it’s  taken  the  better  part 
of  two  years  to  get  all  the  groups 
on  the  same  page.The  moves  also 
helped  set  Polycom  apart  from 
competitors  such  as  Tandberg 
and  VCON,  which  offered  only 
pieces  of  the  puzzle,  not  the  en¬ 


tire  picture,  experts  say 

For  network  executives,  the  key 
features  of  the  announcement 
are  in  the  enhanced  software  for 
Polycom’s  multipoint  control 
units  (MCU),  which  connect  mul¬ 
tiple  sites  and  round  them  into  a 
single  call.  Version  5.0  of  the  soft¬ 
ware  for  the  company’s  current 
MGC-100  and  MGC-50  MCUs,  as 
well  as  a  new  MGC-25  for  small 
offices,  now  support  the  soon-to- 
be-ratified  H.264  video  standard. 
H.264  delivers  the  same  video 
quality  at  384K  bit/sec  that  previ¬ 
ous  codecs  delivered  at  768K 
bit/sec,  says  Mark  Roberts,  prod¬ 
ucts  sales  director  at  Polycom. 
With  this  support  users  get  the 
same  TV-quality  video  at  half  the 
bandwidth  cost. 

Also,  5.0  lets  the  MGC  line  han¬ 
dle  audio  and  video  callers  in  the 
same  physical  conference,  rather 
than  stringing  together  an  audio- 
only  call  with  a  video  call,  as  is 
required  today  The  number  of 
endpoints  that  can  be  connected 
to  a  physical  call,  without  having 
to  cascade  into  a  second  physical 
call,  also  has  been  increased. 

“I  can  now  do  32  sites  in  one 
video  call  without  cascading  to 


another  call,” says  Guy  Welty  man¬ 
ager  of  global  media  networks 
and  collaborative  services  at  spe¬ 
cialty  chemicals  and  material 
company  WR.  Grace  in  Colum¬ 
bia,  Md.,  which  has  been  testing 
Version  5  for  a  few  weeks.  Pre¬ 
viously  if  12  sites  were  in  a  con¬ 
ference  they  would  have  to  be 


cascaded  in  two  separate  calls. 
“This  makes  it  easy  on  us,  be¬ 
cause  we  don’t  have  to  worry 
about  multiple  links,  and  it’s  easi¬ 
er  to  manage  and  set  up.  Anything 
you  can  do  to  tighten  up  mistakes 
is  good  for  you,”  Welty  says  about 
the  upgraded  product. 

See  Polycom,  page  60 


HIPAA-compliant  back-up  device  on  tap 


r - 1 

HIPAA  deadlines 

Healthcare  organizations  have  many  deadlines  to 
keep  an  eye  on  to  become  HIPAA-compliant. 

■ 

Details 

April  14, 2003 

Privacy  Act  for  large  health  plans. 

April  16, 2003 

Electronic  Health  Care  Transactions  and  Code  Sets  —  systems 
and  software  testing  starts. 

Oct.  16, 2003 

Electronic  Health  Care  Transactions  and  Code  Sets  —  all  entities 
that  Tiled  extensions  and  small  health  plans. 

Privacy  Act  for  small  health  plans. 

April  14, 2004 

July  30, 2004 

Employer  Identifier  Standard  for  large  health  plans. 

Aug.  1, 2005 

Employer  Identifier  Standard  for  small  health  plans. 

-  ■ 

■  BY  DENI  CONNOR 

COLORADO  SPRINGS  —  Back¬ 
up  appliance  vendor  Storserver  is 
expected  to  announce  this  week 
one  of  the  first  storage  devices 
that  conforms  to  new  govern¬ 
ment  privacy  rules  and  regula¬ 
tions  for  healthcare  institutions 
and  hospitals. 

The  H1PAA  Conforming  Stor¬ 
server  Backup  Appliance,  a  com¬ 
bination  of  hardware,  software 
and  services,  enables  customers 
to  comply  with  the  new  Health  In¬ 
surance  Portability  and  Account¬ 
ability  Act  of  1996  guidelines, 
which  go  into  effect  Oct.  16. 

Storserver  partnered  with  a  HIPAA  consul¬ 
tant  and  training  company  PDM  Consulting, 
to  develop  the  back-up  appliance,  software, 
training  and  associated  StorserverPDM 
Services.  The  Storserver  package,  which  is 
aimed  at  large  companies,  includes  the  back¬ 
up  appliance,  which  consists  of  disk  and  tape 
drives,  and  software  that  lets  it  store  data  in 
such  a  way  as  to  conform  with  HIPAA  priva¬ 
cy,  retrieval  and  security  regulations.  It  also 
can  contain  optional  consulting  services  to 
assist  customers  in  implementing  and  meet¬ 


ing  patient  privacy  and  security  guidelines, 
and  HIPAA-specific  training,  documentation, 
back-up,  archiving  and  disaster-recovery  ser¬ 
vices. 

Patient  data  is  backed  up  initially  to  the 
Storserver  disk  as  changes  to  data  take  place, 
ensuring  that  data  can  be  restored  complete¬ 
ly  if  a  failure  occurs.That  data  is  later  backed 
up  to  tape  drives  contained  in  Storserver  for 
archival  purposes.  When  data  is  backed  up,  a 
unique  ID  is  assigned  to  each  piece  of  data, 
which  lets  all  the  information  related  to  a 
patient  be  retrieved  from  disk  or  tape  by  his 


name,  account  number  or  other 
identifier.  Storserver  uses  Tivoli 
Storage  Manager  to  back  up, 
archive  and  retrieve  data. 

The  Storserver  back-up  appli¬ 
ance  meets  HIPAA  mandates  for 
administrative  simplification  that 
relates  to  sending  and  receiving 
health  information,  providing  pri¬ 
vacy  and  security  of  patient  data, 
and  electronic  signature  stan¬ 
dards. 

The  appliance  attaches  to  the 
network  via  Gigabit  Ethernet  con¬ 
nections  and  to  a  storage-area 
network  (SAN)  via  SCSI  connec¬ 
tions.  It  will  back  up  data  directed 
to  it  from  SANs,  network-attached  storage 
devices  or  network  file  servers. 

A  variety  of  vendors  have  storage  products 
designed  for  HIPAA.  Among  them  are  EMC 
with  its  Centera  system,  Xiotech  with  its  SAN- 
builder  for  Healthcare  bundle  and  Storage- 
Tek’s  Healthcare  Enablement  packages. 

The  HIPAA  Conforming  Storserver  Backup  f 
Appliance  starts  at  $20,000  for  two  terabytes 
of  disk  capacity.  Training  employees  on 
HIPAA  starts  at  $150  per  person  and  consult¬ 
ing  services  costs  $2,500  per  day 
Storserver:  www. storserver.com 
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In  a  world  where  there’s  a  different  kind  of  threat  every  day,  you  need  a  different  kind  of  security. 

New  threats  can  blow  through  any  firewall  or  anti-virus  software.  That's  why  you  need  the  RealSecure®  Protection 
System.  It  dynamically  detects,  prevents  and  responds  to  an  ever-changing  spectrum  of  online  threats  to  your  business. 
RealSecure  protects  your  networks,  servers  and  desktops.  And  it  provides  powerful,  centralized  management  that's 
both  simple  and  cost-effective.  No  matter  who  you're  up  against.  Call  us  at  800-776-2362.  Or  visit  www.iss.net/nww. 
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Cometa  CEO  reveals  further  details  on  start-up 


Cometa  Networks ,  a  start-up  founded 
in  December  by  a  group  including 
AT&T  Wireless,  IBM  and  Intel  Capital, 
plans  to  build  20,000  802. 1  lb  (or  Wi¬ 
Fi)  public-access  hotspots  in  the  US. 
designed  for  1 1  million  laptop-lugging 
enterprise  VPN  users.  CEO  Larry 
Brilliant  recently  outlined  the  compa¬ 
ny's  progress  for  Network  World 
Senior  Editor  John  Cox. 

So  what's  been  happening  since  December? 

Were  looking  for, and  have  signed, some 
resellers  [carriers  and  service  providers] 
and  some  real-estate  owners  [such  as 
retail  chains]. We’ll  announce  these  in  a 

few  weeks.  Of  the  25  or  so  service  providers  that  offer  DSL,  cable,  dial-up, 
Ethernet  or  cellular  services,  we  want  to  partner  with  them  all. 


You've  got  these  giant  companies  behind  you.  What's  taking  so  long? 

Cometa  is  not  a  joint  venture.  It’s  a  start-up.  We  just  happen  to  be  a  start-up  with 
wonderful  partners.  But  we  face  all  the  challenges  that  any  start-up  faces:  We 
have  lots  of  resumes  coming  in,  but  no  one  person  devoted  to  going  through  all 
of  them.  We  still  have  to  find  our  own  auditors,  our  own  health  insurance  cover¬ 
age  and  so  on. 

When  we  attend  meetings  with  a  carrier,  they  bring  in  40  people  and  we  send 
two. They  say, ‘Where  are  the  rest  of  you?’  God  forbid  if  we  have  three  meetings  in 
one  day 

But  you  still  expect  to  meet  your  goals,  even  though  you  haven't  started  actually  building 
Wi-Fi  hotspots? 

We’ll  have  5,000  hotspots  by  the  end  of  2003  or  the  first  quarter  of  2004.That 
will  be  more  hotspots  in  the  U.S.from  one  vendor  than  anyone  has  now. Two 
years  from  now,  we’ll  have  20,000  in  the  top  20  metropolitan  statistical  areas. 

Many  companies  are  trying  to  get  into  the  public-access  Wi-Fi.  How  is  Cometa  different? 

We  spent  nine  months  [before  launching  in  December]  with  40  full-time  pro¬ 
fessionals  from  IBM,  Intel  and  AT&T.  We  interviewed  CIOs,  CFOs  and  CEOs.  We 
did  original  research  on  the  corporate  road  warriors.  Each  [founding]  partner 
had  its  own  interests  and  assets.  And  our  venture  capitalists  wanted  a  capital-lite 


EXECUTIVE  PROFILE: 
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Title: 

CEO  of  Cometa  Networks 

Past  accomplishments: 

•  Personal  physician  to  the  late  Jerry 
Garcia  of  the  Grateful  Dead. 

•  Organizer  of  an  effort  to  wipe  out 
smallpox  in  India. 

•  Entrepreneur  in  an  array  of  high- 
tech  start-ups,  including  one  that 
birthed,  with  Stewart  Brand, The 
Well,  one  of  the  first  and  most 
influential  online  communities. 


model  that  would  offload  the  costs  onto  the 
manufacturing  partners. 

This  led  us  to  the  wholesale  model.  We  use 
our  partners’  resources  to  install  and  support 
the  access  points,  to  integrate  with  billing  sys¬ 
tems,  to  negotiate  with  real  estate  owners  and 
so  on.  All  the  things  like  branding,  billing,  cus¬ 
tomer  acquisition  and  customer  service  we 
leave  to  the  carriers  and  service  providers, 
which  already  are  doing  this  for  pennies.  By 
leveraging  the  resources  of  all  these  partners, 
we  created  something  that  has  real  value  to 
the  enterprise  executives  and  real  staying 
power. 


Why  does  it  have  value  for  them? 

The  CIO  will  mandate  that  hotspot  service 
be  bulletproof, secure,  available  24-7,  and  has  client  software  that  lets  the  enter¬ 
prise’s  VPN  work  robustly  from  the  hotspot  locations.The  CFO  will  say  ‘Get  me  a 
billing  system  that  shows  me  how  many  of  our  left-handed  marketeers  in  Detroit 
suburbs  are  using  Wi-Fi  after  5  p.m.’ 

No  [company]  will  trust  the  most  important  corporate  processes  to  some  kind 
of  freenet  Wi-Fi.  It’s  just  not  going  to  happen. 

And  this  will  work  even  though  you're  ignoring  the  consumer  market9 

For  us,  802.1 1  is  not  a  consumer  play 

Our  market  initially  is  1 1  million  laptop-lugging, VPN-accessing  dial-up  users  — 
corporate  road  warriors  who  travel  during  their  day  and  desperately  seek  a 
remote  or  satellite  office  for  their  VPN  [connection  to  the  enterprise  net]  .Their 
VPN  is  their  life. 

These  1 1  million  users  are  different  from  everyone  else. They  need  an 
expanded  definition  of  what  an  office  is,  so  they  can  get  onto  their  VPN  when¬ 
ever  they  go  to  a  hotel  conference  room,  a  restaurant,  an  airport  and  so  on. 

A  Krispy  Kreme  donut  shop  as  a  corporate  office  for  Ford? 

If  you  have  a  connection  back  to  the  Internet  with  broadband  tunneling  and 
a  place  to  sit  down, you’ve  got  your  office.  If  ultimately  you  [also]  have  voice 
over  IP  you  have  phone  and  data.  This  is  where  the  workforce  is  going.  I’ve 
been  in  awe  of  IBM’s  capacity  in  this  area.  Something  like  50%  of  the  IBM  work¬ 
force  does  not  have  an  office  per  se:They  work  from  home  and  from  com¬ 
bined-use  locations.  It’s  the  only  way  corporations  can  afford  to  compete.  ■ 


Microsoft  acquisition  targets  data  centers 


■  BY  JOHN  FONTANA 

REDMOND,  WASH. —  Microsoft  last  week 
acquired  technology  that  it  says  not  only 
will  help  Windows  NT  4  users  with  migra¬ 
tions  and  server  consolidations,  but  also  is 
a  step  toward  the  company’s  goal  of  infil¬ 
trating  corporate  data  centers. 

Microsoft  acquired  three  virtual-machine 
products,  including  the  corresponding  en¬ 
gineering  teams  and  support  organiza¬ 
tions,  from  privately  held  Connectix.  Terms 
of  the  deal  were  not  disclosed. 

A  virtual  machine  lets  multiple  operating 
systems  run  on  a  single  server  or  desktop. 

The  three  products  include  software 
under  development  called  Virtual  Server, a 
native  Windows-based  server  application 
that  lets  Windows  operating  systems, 


Linux,  Unix  and  OS/2  run  concurrently  in 
virtual  machines.  Microsoft  plans  to  ship  a 
beta  version  by  midyear  and  a  general 
release  by  year-end. 

The  other  two  products  are  Virtual  PC  for 
Windows,  which  lets  various  versions  of 
Windows,  and  NetWare,  IBM  OS/2  and 
Linux,  run  on  the  same  desktop;  and  Virtual 
PC  for  Mac,  which  lets  Windows  applica¬ 
tions  run  on  the  Macintosh. 

Microsoft  says  Virtual  Server  will  let  the 
company’s  NT  4  installed  base  take  indi¬ 
vidual  NT  applications  running  on  sepa¬ 
rate  servers  and  consolidate  them  onto  a 
single  box  running  alongside  Windows 
2000  or  Windows  Server  2003. 

1DC  predicts  that  75%  of  large  corpora¬ 
tions  will  consolidate  portions  of  their 
servers  this  year,  with  the  Win  2000/NT 


market  spending  more  than  $1.3  billion  to 
do  so. 

“Users  have  said  they  don’t  want  abrupt 
change  where  they  are  forced  to  migrate 
all  at  once,  and  they  don’t  want  to  have 
multiple  servers  in  use  during  migrations,” 
says  Dan  Kusnetzky,  program  director  for 
operating  environments  and  serverware 
at  IDC. 

But  he  says  the  Connectix  products 
might  force  Microsoft  to  do  two  things  it 
doesn’t  want  to  do:  support  a  product  that 
runs  Linux,  and  change  its  licensing 
model. 

“Microsoft  licensing  is  device-focused,” 
he  says.“In  the  virtual  world,  that  licensing 
is  not  very  equitable.” 

But  those  might  be  short-term  issues, 
experts  say,  because  Microsoft  wants  to 


move  Windows  into  the  corporate  data 
center  and  compete  with  Unix  and  main¬ 
frame  system  suppliers.To  do  that.it  needs 
virtual  machine,  partitioning  and  work¬ 
load  management  tools. 

The  company  has  a  first-generation 
workload  management  tool  slated  to  ship 
with  Windows  Server  2003  called 
Windows  System  Resource  Manager. 

“Virtual  Server  is  not  a  magic  bullet,  but 
it’s  an  important  technology  for  their  port¬ 
folio,"  says  Gordon  Haff,  an  analyst  with 
Uluminata. 

Haff  says  Microsoft  eventually  will  bake 
the  technology  into  the  operating  system. 

“All  Unix  virtualization  is  baked  into  the 
[operating  system],  and  that  is  where 
Microsoft  needs  to  take  this  product,"  he 
says.B 
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From  IkW  to  5MW,  PowerStruXure  architecture  provides  a  patent-pending,  integrated 
approach  to  building  data  center  infrastructure  utilizing  standardized,  pre-assembled 
components. 
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Nortel,  Ericsson,  and  Siemens. 
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you  no  longer  need  to  design  your  data 
center  using  an  outmoded  approach. 
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Reader's  Choice  Award  for  Best  High  Availability 
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at  FOSE,  March  2002. 
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scalable  infrastructure  for 
managing  the  power  to 
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Microsoft  Technology  Center,  Silcon  Valley 
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ALASKA  AIRLINES 
CHOOSES  QWEST. 

Of  course  our  technology  played  a  role  in 
winning  the  business.  But  it’s  the  people  who 
come  with  the  technology  that  get  the  job 
done  right.  Because  we  are  passionate  about 
service.  That’s  why  Alaska  Airlines  looks  to 
Qwest5  for  the  right  solution.  In  this  case,  a 
customized  self-healing  network  to  link  their 
Seattle-based  operations.  And  there’s  a 
real  relationship  here.  Because  we  share 
enthusiasm  for  their  success.  And  listen. 
Anticipate.  And  deliver.  It’s  a  little  something 
extra  called  the  Spirit  of  Service.  Actually, 
it’s  a  big  something.  And  it  separates  us  from 
the  rest  of  the  pack. 
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Spirit  of  Service 


To  find  out  how  we  can  put  the  Spirit  of  Service  to  work 

for  you,  visit  us  at  qwest.com  or  call  us  at  1  800-743-3793 
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P/IP,  LAN/WAN  SWITCHES 
ROUTERS  ■  HUBS 
ACCESS  DEVICES  ■  CLIENTS 
SERVERS  ■  OPERATING  SYSTEMS 
VPNS  ■  NETWORKED  STORAGE 


■  HP  last  week  launched  two  new 
eight-processor  Intel  Xeon  servers. 
The  ProLiant  DL760  and  DL740  are 

rack-mountable:  The  DL760  is  71)  high; 
the  DL740  is  11U  high.  Each  server 
can  swap  out  failed  memory  without 
taking  the  server  down.  The  DL760  is 
available  starting  at  $28,000;  the 
DL740  will  be  available  within  30  days 
for  $25,000.  www.hp.com 

■  IBM  extended  the  fault-tolerant  fea¬ 
tures  of  its  high-end  systems  into 
midrange  storage  arrays  last  week. 
The  company  announced  the  Total- 
Storage  Linear  Tape-Open  Ultr- 
ium  2  drive  and  the  TotalStorage 
FAStT  900  storage  array.  The  Total 
Storage  Linear  Tape-Open  Ultrium  2 
drive,  designed  for  archiving  and  dis¬ 
aster  recovery,  has  as  much  as  double 
the  capacity  and  speed  of  previous 
models.  It  operates  at  35M  byte/sec 
and  contains  200G-byte  storage  car¬ 
tridges.  It  consists  of  two  models;  the 
3580,  with  one  drive  and  one  car¬ 
tridge;  and  the  3584,  which  is  scalable 
to  as  much  as  a  petabyte  of  data.  The 
TotalStorage  FAStT  900  has  more 
than  doubled  the  performance  over 
previous  models  with  the  addition  of 
new  2G  bit/sec  Fibre  Channel  con¬ 
trollers.  IBM  expects  the  TotalStorage 
FAStT  900  to  be  available  next  month 
starting  at  $75,000.  The  tape  drives 
are  shipping  now  starting  at  $6,200; 
the  3584  starts  at  $75,000. 
www.ibm.com 

■  Storability  Software  last  week 
announced  a  new  version  of  its 

Global  Storage  Manager  software. 
Version  3.5  includes  enhanced  man¬ 
agement  capabilities  for  provisioning 
across  EMC,  Ft P,  Hitachi  Data  Sys¬ 
tems  and  Storage Tek  arrays.  It  also 
automatically  identifies  improperly 
configured  or  unused  storage  capac¬ 
ity.  The  software  now  also  includes 
policy-based  management  capability 
that  lets  customers  set  thresholds 
that  can  determine  when  additional 
capacity  is  needed.  The  software  is 
available  now  and  is  priced  by  the 
number  of  devices  and  sites  managed. 
www.storability.com 
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West  Point  learns  wireless  lessons 


■  BY  JOHN  COX 

The  U.S.  Military  Academy  at  West 
Fbint  is  deploying  an  802.11  a,  54M 
bit/sec  wireless  LAN  as  part  of  a 
new  strategy  to  create  a  much  more 
interactive  classroom,  where  cadets  are 
not  simply  passive  listeners  to  an  infor¬ 
mation  broadcast  by  a  teacher,  but 
active  participants.  A  high-speed  wire¬ 
less  LAN  is  one  element  in  creating  this 
interactivity 

Traditionally,  a  professor  would  ex¬ 
plain  why  it  was  so  important  for  Col. 
Joshua  Chamberlain  to  hold  the  Union 
Army’s  left  flank  at  Little  Round  Top 
during  the  Civil  War  Battle  of  Gettys¬ 
burg.  But  with  the  wireless  classroom 
and  a  variety  of  specialized  applica¬ 
tions  on  laptops  and  servers,  cadets  can 
run  a  computerized  simulation  to  see 
the  consequences  of  failing  to  hold  that 
critical  hill. 

Wireless  LANs  are  making  it  cost- 


effective  for  the  academy  to  give  each 
student  this  capability  says  Col.  Donald 
Welch,  the  academy’s  associate  dean 
for  information  and  education  technol¬ 
ogy  “It  would  be  a  lot  more  expensive, 
and  much  less  flexible,  to  make  every 
classroom  ‘information  rich’  by  wiring 
desktop  computers  [instead  of  using 
wireless  LANs] "  he  says. 

In  the  fall  of  2002,  the  academy 
deployed  a  large-scale  pilot  network  of 
105  802.11a  access  points  from  SMC 
Networks,  covering  classrooms  in  the 
biggest  academic  building.  Based  on 
that  experience,  the  IT  group  deployed 
the  wireless  net  in  two  other  buildings 
and  is  working  now  on  the  fourth.  By 
August,  when  the  Class  of  2007  enters, 
there  will  be  369  802.1  la  access  points, 
one  in  every  classroom  and  lab.  Every 
cadet  will  have  a  wireless  laptop. 

There  were  two  interrelated  reasons 
for  choosing  802.11a,  Welch  says  — 
higher  bandwidth  and  throughput,  and 


eight  nonoverlapping  channels  for 
clients,  compared  with  three  channels 
for 802. lib. When  channels  overlap, the 
interference  causes  throughput  to 
plummet.  To  create  802.11b  wireless 
“cells”  with  nonoverlapping  channels 
on  multiple  floors  in  a  building,  we 
have  to  spread  out  the  access  points, 
Welch  says.  That  means  more  users  per 
access  point,  vying  for  a  throughput  of, 
typically,  about  5M  to  6M  bit/sec. 

“With  802.11a,  we  can  put  an  access 
point  in  every  classroom,  and  there’s  no 
more  than  19  people  sharing  that  higher 
bandwidth  [throughput  of  roughly  17M 
to  21M  bit/sec], ’’Welch  says. 

The  academy’s  IT  group  evaluated 
four  802.1  la  vendors.“SMC  is  a  low-end 
access  point,  without  much  in  the  way 
of  bells  and  whistles, "Welch  says. 

By  contrast,  another  vendor  offered 
more  features,  but  at  five  times  the 
cost.  More  importantly  all  the  products 
See  West  Point,  page  20 


XML  device  could  reduce  XML-related  bottlenecks 


■  BY  ANN  BEDNARZ 

CAMBRIDGE,  MASS.  —  DataFbwer  Tech¬ 
nology  last  week  released  an  upgraded 
version  of  its  XML  appliance,  aimed  at  help¬ 
ing  companies  reduce  network  bottle¬ 
necks  associated  with  securing  and  trans¬ 
porting  XML  documents. 

The  XA35  XML  Accelerator  2.0  offers 
compression  and  security  handling  fea¬ 
tures,  in  addition  to  its  core  XML  parsing 
and  processing  capabilities.  Specifically, 
the  lU-high  rack-mountable  network  de¬ 
vice  can  handle  Secure  Sockets  Layer 
(SSL)  acceleration,  eliminating  the 
need  for  users  to  maintain  separate 
devices  for  handling  XML  encryp¬ 
tion,  DataFbwer  says. 

Its  built-in  compression  capabili¬ 
ties  can  reduce  the  size  of  an  XML  docu¬ 
ment  by  as  much  as  90%,  DataFbwer  says. 

Compression  is  key  when  it  comes  to 
XML,  which  has  a  reputation  for  being  a 
bandwidth  hog  because  of  its  text-based, 
self-describing  format.  XML  documents 
can  be  from  three  to  20  times  larger  than 


XML  express 

The  new  version  of  DataPower's 
XA35  XML  Accelerator  takes  on 
XML  processing  chores. 

•  Offers  SSL  acceleration  to  ease 
network  bottlenecks. 

•  Handles  XML  compression  to 
reduce  document  sizes  by  up  to 
90%. 

•  Includes  Gigabit  Ethernet  support. 


a  comparable  binary  or  alternate  text  file 
representation,  according  to  research  firm 
ZapThink.  To  combat  XML’s  overhead, 
DataFbwer  and  competitors  such  as  For¬ 
um  Systems  and  Sarvega  have  devised 
appliances  designed  to  offload  XML  pro¬ 
cessing  from  traditional  servers,  which 


can  get  bogged  down  translating  and 
routing  XML  documents. 

Version  2.0  also  features  two  1G  bit/sec 
ports,  in  place  of  four  10/100M  bit/sec 
ports  included  in  the  first  version. 

DataFbwer  added  SSL  and  Gigabit  Ether¬ 
net  support  so  that  companies  could  di¬ 
vert  more  processing  chores  to  the  XA35, 
which  sits  behind  a  firewall  and  in  front  of 
Web  and  application  servers,  freeing  up 
server  CPUs  and  reducing  network  bottle¬ 
necks,  says  Eugene  Kuznetsov,  president 
and  CTO  at  DataFbwer. 

“XML  has  tremendous  business  benefits 
—  it  cuts  costs,  makes  it  possible  to 
be  more  flexible  and  support  multi¬ 
ple  devices,  and  allows  easy  integra¬ 
tion  with  trading  partners  —  but  it 
has  certain  problems.  Performance 
is  one  of  them,”  he  says. 

One  of  the  first  companies  to  deploy 
DataFbwer’s  upgraded  appliance  is  tele¬ 
conferencing  services  provider  Leader 
Technologies.  The  Columbus,  Ohio,  com¬ 
pany  offers  low-rate  teleconferencing 
See  DataPower,  page  20 
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■  was  talking  to  Mark  McClain  at  Waveset 
Technologies  the  other  day,  discussing 
what’s  new  in  the  area  of  identity  man¬ 
agement  (McClain’s  LightHouse  product 
line  is  among  the  industry  leaders  in  most 
identity  categories)  when  the  subject  of 
free  software  arose.  We  weren’t  speaking 
about  open  source  products  but  about 
Novell’s  offer  of  250,000  eDirectory 
licenses  to  anyone  who  asks  for  them.  Mark 
reminded  me  that  there’s  no  such  thing  as 
a  free  cat. 

If  you’re  a  parent, you’ve  probably  faced 
this  issue.  Your  child  comes  in  the  house 
one  day  with  the  big  news  that  Mr.  Jones 


Software  costs:  There  are  no  free  kittens 


or  Mrs.  Smith  has  a  cat  with  a  brand-new 
litter  of  kittens,  which  they  want  to  GIVE 
AWAY!  “They’re  free,  mom,”  your  beaming 
offspring  says.  Free,  as  in  two  or  three  trips 
to  the  vet,  shots  and  pills,  dishes,  bowls 
and  litter  trays  not  to  mention  litter,  food 
and  drink.  Then  there’s  wear  and  tear  on 
the  furniture,  carpet,  curtains  and  any 
small  mammals,  birds,  fish  or  reptiles  that 
are  already  in  residence. 

Now  I’m  not  saying  that  Novell  is  out  to 
bankrupt  you.  I’m  also  not  saying  that  pay¬ 
ing  a  lot  for  something  is  better  than  get¬ 
ting  it  for  free.  My  point  is  that  you  have  to 
look  beyond  the  unit  cost  into  the  total 
cost  of  ownership,  which,  although  it’s  a 
very  well-worn  phrase  is  still  applicable  to 
technology-buying  decisions. 

Here’s  just  one  example  (and,  again,  I’m 
not  picking  on  Novell  on  purpose!).  You 
decide  that  you  need  a  new  application 
that  runs  on  top  of  a  Structured  Query 
Language  database.  You’re  already  run¬ 


ning  NetWare  6,  so  you  could  add  (for 
free)  the  Open  Source  MySQL  database. 
You  could  also  decide  to  purchase 
Microsoft’s  SQLServer  (running  on 
Windows  2000)  or  Oracle  9i  running  on 
Linux  (the  Linux, at  least,  is  relatively  free). 
Which  one  is  the  best  deal?  I  can’t  tell  you 
because  it’s  very  dependent  on  your  own 
circumstances.  However,  the  Novell 
answer  has  the  lowest  initial  outlay  while 
the  Oracle  on  Linux  is  probably  the  most 
expensive  to  purchase  in  upfront  costs. 
But  what  will  support  cost  you?  What 
about  hardware  cost?  Do  you  need  a  data¬ 
base  administrator,  and  what  will  that 
cost?  Will  the  application  run  on  the  cho¬ 
sen  platform  without  modification,  or  will 
you  need  to  engage  a  consultant?  Make 
sure  you  consider  everything  before  you 
say  yes  to  that  kitten. 

Kearns,  a  former  network  administrator, 
is  a  freelance  writer  and  consultant  in 


Silicon  Valley.  He  can  be  reached  at 
wired@vquill.  com. 


Tip  of  the  Week 


Everyone  I  spoke  to  had  a 
wonderful  time  (and 
|  learned  a  lot)  at  NetPro’s 
Directory  Experts  Conference 
for  eDirectory.  If  you’re  in- 
I  volved  in  Active  Directory 
E  management  or  program- 
|  ming,  you  need  to  consider 
1  the  DEC  for  Active  Direc- 
|  tory  coming  in  late  April 
1  (www.netpro.com/welcome/ 
|  decadus).  If  you  go,  and  you 
|  meet  Jenny,  just  tell  her 
|  Dave  said,  "500  degrees." 
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services  that  start  at  9.5  cents  per 
minute.  Leader  can  afford  to  offer 
such  low  rates  in  part  because  it 
has  users  set  up  and  manage 
their  own  conference  calls  via 
the  Web  —  eliminating  the  need 


CPU  cycles  it  took  to  do  this  trans¬ 
form,"  Lamb  says. 

With  the  XA35,  Leader  has 
reduced  response  times  from  4 
seconds  to  about  one-third  of  a 
second  —  a  twelvefold  increase 
in  performance,  he  says. 

The  DataFbwer  appliance  also 
lets  Leader  increase  scalability 


II  XML  has  tremendous  business  benefits  -  it 
cuts  costs ...  and  allows  easy  integration  with 
trading  partners  -  but  it  has  certain  prob¬ 
lems.  Performance  is  one  of  them.  99 

Eugene  Kuznestov 

CTO,  DataPower 


for  Leader  to  provide  human  staff 
for  these  tasks,  says  Jeff  R.  Lamb, 
CTO  at  Leader.  Leader’s  Web- 
based  conference-calling  plat¬ 
form  is  based  on  XML. 

As  users  set  up  or  modify  con¬ 
ference  call  settings,  the  applica¬ 
tion  transforms  generic  XML  doc¬ 
uments,  using  an  Extensible  Style 
sheet  Language  Transformations 
(XSLT)  process,  on  the  fly,  into 
HTML.  The  HTML  code  then  ren¬ 
ders  a  client  interface  geared  for 
devices  such  as  desktops,  mobile 
phones  and  PDAs,  Lamb  says. 

The  XA35  2.0  speeds  processing 
of  the  XML-to-HTML  transforma¬ 
tions.  Before  Leader  deployed  the 
XA35,  it  was  taking  too  much  time 
and  CPU  power  to  render  client 
interfaces,  Lamb  say’s. 

leader  had  tried  multiple  opti¬ 
mization  techniques,  including 
each  ing  database  objects  and 
trails  mis.  “The  biggest  bottle¬ 
neck  v.  nad  left  was  the  actual 


without  investing  in  new  servers. 
By  offloading  SSL  encryption  to 
the  XA35,“our  servers  don’t  have 
to  deal  with  any  of  that  expensive 
CPU  encryption  and  decryption 
stuff,”  Lamb  says. 

The  net  result  is  a  fifteenfold 
increase  in  scalability,  he  says. 
“The  only  other  way  we  could 
have  solved  the  scalability  prob¬ 
lem  was  to  have  thrown  a  ton  of 
hardware  at  it  —  a  cost-prohibi¬ 
tive  mountain  of  hardware  to 
have  been  able  to  simultaneously 
support  the  number  of  users  that 
we  wanted,"  Lamb  says. 

The  XA35  XML  Accelerator  2.0 
is  available  now.  Pricing  starts  at 
$35,000. 
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performed  alike. “We  found  negligible  differences 
in  performance,  in  terms  of  throughput,  [net¬ 
work]  latency  flexibility  and  so  on, ’’Welch  says. 

Initially,  Welch  thought  that  the  deployment 
issues  would  be  things  such  as  security  the 
unique  qualities  of  radio  frequency  as  the  med¬ 
ium  and  so  on.  But  all  those  proved  “relatively 
easy”  he  says. 

“The  big  problem  was  setting  up  the  student 

West  Point  goes  wireless 

Students  at  the  U.S.  Military  Academy  at 
West  Point  have  classroom  access  to  an 
802.11a,  54M  bit/sec  wireless  UN.  The  UN 
includes  a  variety  of  equipment  that 
ensures  throughput  and  security. 


Cranite  security  gateway 


1 

Ethernet 

V 
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Security:  Cranite  WirelessWall  gateway 
software  includes  a  firewall  and 
authenticates  client  and  access  points 
over  an  encrypted  tunnel  providing 


Wired  Equivalent  Privacy,  which  is  part 
of  the  802.11  standard. 


Wired  classroom  PC 


V  V 


I 


Windows  NT  laptops,  with  SMC  802.11a  adapters 


I 


Typical  classroom:  about  25  by  25  feet 
Maximum  number  of  students:  18 


machine  with  the  wireless  [network  interface 
card] ,  and  the  security  software  [from  Cranite 
Systems],”  Welch  says.  “But  then  the  student 
messes  around  with  the  machine  and  messes  up 
the  [wireless]  configuration.  We  hadn’t  consid¬ 
ered  this.” 

A  second  lesson  was  figuring  out  how  to  keep 
the  wireless  net  running,  and  handle  any  prob¬ 
lems,  with  an  IT  support  structure  designed  for  a 
wired  net.  Limited  by  various  organizational  re¬ 
quirements,  he  pulled  together  staff  from  various 
groups  and  departments  and  created  a  kind  of 
“virtual”  support  organization.  All  members  of 
this  team  were  given  a  basic  training  in  wireless 
technology,  and  there  is  a  clear  structure  and 
procedure  for  identifying  problems  and  refer¬ 
ring  them  to  the  team’s  wireless  experts. 

Security  is  based  on  Cranite’s  WirelessWall 
gateway  software,  which  runs  on  Linux  servers. 

WirelessWall  incorporates  a  firewall 
and  mutually  authenticates  client 
and  access  point  over  an  encrypted 
tunnel.  Cranite  scrambles  all  infor¬ 
mation  on  the  network,  including  IP 
header  information,  with  the  Ad¬ 
vanced  Encryption  System,  which  is 
far  stronger  than  the  standard  Wired 
Equivalent  Privacy  that’s  part  of  the 
802.1 1  standard. 

For  management,  the  IT  group  is 
using  Cisco  net  management  prod¬ 
ucts,  along  with  some  utilities  from 
SMC.  The  wireless  team  has  just  got¬ 
ten  its  hands  on  two  protocol  snif¬ 
fers, specifically  designed  for  802.1  la 
wireless  LANs. 

The  sniffers  are  critical  to  quickly 
troubleshoot  any  reported  prob¬ 
lems.  In  the  future,  the  sniffers  will 
let  network  administrators  continu¬ 
ally  fine-tune  the  network’s  performance.  “My 
wireless  guys  are  saying,  ‘We  have  got  to  have 
this,’"  Welch  says  ■ 


Throughput:  Multiple 
access  points  ensure 
there’s  no  more  than 
19  people  sharing  that 
higher  bandwidth. 


Appications:  A  variety  of 
specialized  applications 
on  laptops  let  students 
run  computerized  battle 
simulations. 
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Partitioning  bonanza:  Unix  servers 


■  BY  DENI  CONNOR 

Partitioning,  a  technology  used  in  mainframe  com¬ 
puters,  is  making  its  way  into  mid-  and  high-end 
Unix  systems  where  corporate  users  employ  it  to 
isolate  and  protect  applications  from  each  other,  com¬ 
bine  processing  power  to  run  large  applications  or  con¬ 
solidate  processing  onto  bigger  machines. 

In  the  next  year.HBIBM  and  Sun  each  will  introduce 
more  machines  that  can  be  divided  into  partitions  for 
running  different  operating  systems,  applications  and 
workloads.  Lightweight  Internet  applications,  such  as  Web 
serving,  caching  or  load  balancing,  could  be  intermixed 
with  heavier  transaction-based  applications  such  as 
Oracle  on  the  same  machine, saving  IT  the  expense  of 
buying  two  servers  —  one  for  each  application. 

In  partitioning,  a  servers  resources  —  CPU,  memory 
I/O,  interconnects  and  buses  —  are  divvied  up  accord¬ 
ing  to  the  needs  of  the  applications  running  on  the  serv¬ 
er.  Applications  are  protected  from  the  actions  of  other 
applications  that  could  cause  failures,  and  optimally 
they  can  shift  allocated  resources  on  the  fly  without  tak¬ 
ing  the  system  down. 

In  an  economy  where  money  for  new  equipment  is 
becoming  scarce,  companies  are  saving  by  consolidating 
applications  onto  fewer  larger,  more  powerful  machines. 
Partitioning  helps  because  it  lets  users  run  separate  work¬ 
loads  on  the  same  machine. 

“Partitions  are  primarily  used  for  segregating  programs, 
data  safeguarding  and  data  recovery  [Without  partition¬ 
ing,]  if  you  have  one  big  partition  and  any  part  of  it  fails, 
or  some  of  the  critical  operating  system  data  or  configu¬ 
ration  becomes  corrupt,  the  whole  system  is  down  and 
recovery  is  more  time-consuming  and  difficult,” says  Dan 
Gahlinger, senior  network  engineer  and  system  adminis¬ 
trator  for  Interlynx,  an  ISP  in  Hamilton,  Ontario. 

Gahlinger  has  a  variety  of  Sun  workstations  and 
servers,  including  Sun’s  entry-level  Enterprise  450  Server, 
that  are  partitioned  in  what  Sun  calls  Dynamic  System 
Domains,  meaning  resources  can  be  reallocated  to 
other  applications. 

Partitioning  is  used  not  only  to  combine  operations 
that  formerly  ran  on  different  servers,  but  also  to  run 
applications  that  have  become  too  large  to  run  on  one 
processor. 

“We’ll  be  running  FeopleSoft  8  with  an  Oracle  database 
engine  in  four  partitions  —  [the  partitions]  contain  Web 
server,  application  server,  database  server  and  test  and 
development," says  David  Meacham,  director  of  IT  for 
Delaware  North  Companies,  a  concessions  and  hospital¬ 
ity  company  in  Buffalo,  N.Y 
“We  are  replacing  an  HP  V-Class  Enterprise  Server 
V2250  and  an  HP  K360  server  with  [HP’s]  Superdome,” 
Meacham  says.“We  looked  at  buying  several  machines, 
but  because  of  the  size  of  our  database,  we  needed  to 
have  24  processors  for  PeopleSoft  alone.  We  didn’t  feel 
comfortable  bringing  in  systems  where  capacity  had 
already  hit  the  ceiling.” Superdome  is  HP’s  high-end  PA- 
R1SC  based  server. 

Analysts  say  one  promise  of  partitioning  is  its  ability  to 
adjust  workloads  across  processors  as  they  change. 

The  more  that  workloads  are  Internet-driven  and 
harder  to  predict,  the  more  dynamic  they  need  to  be,” 
says  Jean  Bozman,  research  vice  president  for  IDC.“You 


need  to  have  resources  that  can  be  tapped  and  available, 
rather  than  going  out  and  building  tremendous  data  cen¬ 
ters  with  unlimited  spare  capacity 

Partitioning  evolved  from  IBM  mainframe  environ¬ 
ments,  where  it  was  used  to  balance  the  workload  of  a 
server  and  protect  applications  from  harm.  Because  it 
was  too  expensive  to  buy  several  mainframes,  IBM  settled 
on  partitioning  as  an  answer  for  dividing  up  the  Big  Iron 
so  it  could  run  many  applications,  each  protected  from 
the  other.  IBM’s  partitioning  was  by  logical  partition,  com¬ 
monly  called  LPAR.  In  1996, Sun  introduced  physical  par¬ 
titioning  with  the  Sun  Enterprise  10K.On  the  low-end 
Intel  server  side,  partitioning  or  software  virtualization 
capability  is  offered  in  software  from  several  vendors, 
including  Connectix,Ensim,SW-Soft  and  VMware. 

There  are  three  types  of  partitioning:  physical,  logical 
and  virtual. 

In  physical  partitioning  —  the  most  common  variety  — 
the  partitions  are  divided  along  hardware  boundaries. 
Each  partition  might  run  a  different  version  of  the  same 
operating  system.  Sun  and  HP  servers  deploy  physical 
partitioning  —  the  number  of  partitions  relies  on  the 

Partitioning  play 


hardware.  Physical  partitions  have  the  advantage  of  allow¬ 
ing  complete  isolation  of  operations  from  operations  run¬ 
ning  on  other  processors,  thus  ensuring  their  availability 
and  uptime.  Processors,  I/O  boards,  memory  and  inter¬ 
connects  are  not  shared,  allowing  applications  that  are 
business-critical  or  for  which  there  are  security  concerns. 

“One  of  my  clients  is  running  a  billing  application  on 
an  HP  AlphaServer  GS160  with  two  partitions  —  each 
contains  eight  processors  and  64G  bytes  of  memory  says 
Gordon  Dixon,  a  consultant  with  Cybertech  Resources. 
The  GS160  is  a  midrange  16-processor  system,  which  runs 
Tru64  Unix  and  Open  VMS  and  can  be  partitioned  into  as 
many  as  four  partitions,  one  for  every  four  CPUs. 

“Each  partition  runs  the  Open  VMS  operating  system 
and  is  handled  as  a  completely  separate  system,  such 
that  there  is  not  a  single  point  of  failure,”  Dixon  says 
The  disadvantage  of  physical  partitioning,  analysts  say,  is 
that  machines  cannot  be  divided  into  as  many  partitions 
as  those  that  use  logical  partitioning,  and  users  can’t  con¬ 
solidate  many  lightweight  applications  on  one  machine. 

HP  will  introduce  a  version  of  its  SuperDome  server 
midyear  that  would  let  different  operating  systems  run 
in  separate  partitions.  By  year-end,  the  company  is 


expected  to  launch  a  32-  and  64-way  version  of  its  EV7 
processor-based  AlphaServer,  code-named  Marvel.  Later 
this  year,  the  company  also  plans  to  introduce  a  new 
version  of  its  HP9000,  which  uses  the  PA-8800  processor 
—  this  will  support  dual-core  technology  —  doubling 
Superdome’s  processors  to  128.  Superdome  presently 
supports  16  hardware  partitions  using  nPars.and  64  uni¬ 
processor  partitions  with  an  HP  partitioning  method 
called  virtual  partitions. 

In  logical  partitioning,  supervisory  software  overlays 
the  hardware  so  a  machine  can  be  divided  along 
processors,  memory  a  bus  or  an  I/O  slot.  IBM  and  Sun 
have  software  partitioning  capability  —  the  number  of 
partitions  each  vendor  allows  in  their  servers  varies 
from  as  few  as  16  in  IBM’s  p690  “Regatta”  server  to  an 
unlimited  quantity  in  Sun’s  newest  Sun  Fire  vl280  or 
Sun  Fire  12K  or  15K  servers.  Servers  that  use  software 
partitioning  also  have  advantages  and  disadvantages, 
analysts  say 

Because  logical  partitioning  does  not  have  the  electri¬ 
cal  isolation  of  hardware  partitioning,  it  is  not  immune 
to  failures. 


In  the  first  half  of  2004,  IBM  will  introduce  a  64-proces- 
sor  p690,  code-named  Armada.  Armada  will  use  IBM’s 
Fbwer5  processor,  which  deploys  a  technology  called 
simultaneous  multithreading.  In  simultaneous  multi¬ 
threading,  each  processor  can  undertake  the  actions  of 
two  concurrent  threads,  with  full  access  to  system 
resources,  thus  making  a  64-processor  machine  look  as  if 
it  has  128  processors.  IBM  says  with  the  next  version  of 
A1X, Version  5.3,  due  in  the  first  half  of  2004,  that  improved 
partitioning  capability  will  let  users  run  as  many  as  10 
operating  systems  per  processor. 

HP  also  plans  128-processor  servers  using  PA-RISC  and 
Itanium  processors  late  this  year  and  next. 

Virtual  or  software  partitioning,  in  which  processors 
arbitrarily  divide  physical  resources,  operating  systems  or 
time  segments,  applies  the  least  to  Unix  machines.  Users 
will  deploy  it  primarily  in  x86-based  servers  or  in  IBM 
mainframes  using  Linux.  Because  it  is  software-based, 
complete  fault  isolation  is  impossible,  llluminata  analyst 
Gordon  Haff  says  that  as  hardware  becomes  more  reli¬ 
able  and  the  need  to  isolate  applications  from  each  other 
decreases,  vendors  will  focus  on  letting  users  partition 
their  servers  more  finely  ■ 


Server  partitioning  varies  in  its  use  and  capability  from  systems  that  are  fault-isolated  to  those  that 
can  run  numerous  lightweight  applications. 


Type  of  partitioning 

Advantages 

Disadvantages 

Examples 

Physical 

Total  isolation  of  system  resources;  can  run 
applications  larger  than  processor  size. 

Limited  partitioning 
capabilities. 

Sun  Fire  E12K,  HP 
AlphaServer  GS320 

Logical 

More  flexibile  than  physical  partitioning; 
increased  number  of  partitions;  can  run  more 
lightweight  applications;  can  run  applications 
larger  than  processor  size. 

Resources  not 
isolated. 

IBM  eServer  p690  and 
p670,  HP  Superdome 
vPars 

Virtual  or 
software 

Most  flexible;  increased  number  of  partitions; 
can  run  applications  larger  than  processor 
size. 

Resources  not 
isolated;  limited  to 

Linux  and  Windows 
operating  systems. 

IBM  zSeries  Linux  on 
Mainframe,  VMware, 
SW-Soft,  Connected, 
Ensim 

At  CDW,  we  don't  build  technology.  Instead,  we  focus  on  giving  customers 
the  best  technology  buying  experience  possible  -  from  a  warehouse  full  of 
brand  name  products  to  partnerships  with  manufacturers  to  a  state-of- 
the-art  distribution  system.  We  ensure  you  get  the  products,  value  and 
speed  of  delivery  you're  looking  for.  It's  a  better  way  to  buy  technology. 
Then  again,  it's  all  we  focus  on.  For  more  information,  call  or  visit  our  Web  site. 
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By  a  conservative  estimate,  over  80%  of  viruses  infect  corporate  networks  via  email.* 
And  one  in  every  300  emails  contains  a  virus.'  Trend  Micro  understands  this,  and  it's 
precisely  our  understanding  that  makes  us  the  market  leader  in  antivirus  at  the 
gateway.'  While  most  security  solutions  are  unable  to  anticipate  malicious  behavior, 
Trend  Micro's  security  policies  are  designed  to  quickly  identify  and  quarantine 
suspicious  email — often  before  a  virus  signature  is  even  identified.  By  linking  over 
250  antivirus  experts  around  the  world  to  the  enterprise  via  Trend  Micro  Control 
Manager,*  network  administrators  are  able  to  rapidly  deploy  messaging  security  strate¬ 
gies  across  the  network.  Securing  the  gateway  is  the  first  step  of  an  overall  Trend  Micro 
Enterprise  Protection  Strategy  designed  to  keep  the  entire  enterprise  free  from 
malicious  code.  For  more  information  about  Trend  Micro's  Intuitive  Information 
Security,  please  visit  trendmicro.com/products  or  call  1.888. 58. TREND. 
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■  Software  maker  Divine 
announced  last  week  that  after 
months  of  cost  cutting,  it  will  ex¬ 
plore  strategic  alternatives  —  in¬ 
cluding  filing  for  bankruptcy  protec¬ 
tion  —  to  protect  its  operations. 

A  one-time  business  incubator, 
Divine  today  sells  a  range  of  soft¬ 
ware,  including  CRM,  content  man¬ 
agement  and  collaboration  applica¬ 
tions.  The  company  was  founded  in 
1999  by  entrepreneur  Andrew  Filip- 
owski,  who  today  is  chairman  and 
CEO.  The  company  says  it  has 
worked  over  the  past  several 
months  to  minimize  operating  ex¬ 
penses  and  various  liabilities.  How¬ 
ever,  its  board  of  directors  has 
determined  that  Divine  must  seek 
alternatives.  The  company  reported 
a  net  loss  of  $159.8  million  for  the 
nine  months  ended  Sept.  30.  Merger 
and  acquisition  adviser  Broadview 
International  will  help  Divine  explore 
its  options,  which  could  include 
asset  divestitures  and  Chapter  11 
bankruptcy  filing.  Divine  says  it  cur¬ 
rently  is  involved  in  discussions  to 
sell  several  of  its  businesses  and 
assets. 

■  BEA  Systems  has  released  an  up¬ 
grade  to  its  JRockit  Java  virtual 
machine  for  servers  based  on  Intel 
processors.  BEA  acquired  JRockit 
early  last  year  from  Sweden’s  Ap¬ 
peal  Virtual  Machines  AB  and  has 
worked  closely  with  Intel  to  improve 
the  product  for  servers  based  on 
Intel  chips.  Most  of  BEA's  customers 
run  its  WebLogic  Java  application 
server  on  Unix  systems  from  Sun 
and  HP,  but  sales  on  Intel-based  sys¬ 
tems  represent  the  fastest-growing 
part  of  its  business.  The  main  en¬ 
hancements  in  the  new  release  of 
JRockit,  Version  8.0,  are  in  perfor¬ 
mance.  BEA  says  it  improved  the 
profiling  and  debugging  interfaces 

in  JRockit  to  help  customers  write 
faster  applications,  and  to  find  and 
fix  performance  bugs.  Version  8.0  is 
available  for  download  for  32-bit 
Windows  and  Linux  systems. 
www.bea.com 


Managing  digital  rights 

10  things  you  need  to  know  about  controlling  corporate  content 


■  BY  JASON  MESERVE 

Digital  rights  management  is  a  hot  topic 
in  the  entertainment  business  as  record 
and  movie  companies  try  to  figure  out 
how  to  protect  their  content  from  piracy 
and  mass  distribution  by  way  of  file-shar¬ 
ing  services  such  as  Kazaa  and  Morpheus. 
But  DRM  does  more  than  protect  movies 
and  music.  It  also  can  have  a  profound 
effect  on  the  way  corporate  data  is  used 
and  shared. 

DRM  is  not  necessarily  a  single  product 
or  service,  but  a  means  of  extending  cor¬ 
porate  security  to  digital  content  that  is 
easy  to  move  around.  The  premise 


behind  DRM  is  relatively  simple:  Users 
are  given  rights  to  a  piece  of  content 
based  on  certain  conditions  (such  as 
they  can  view  it  once,  for  a  set  period  of 
time,  or  can  use  it  only  on  a  particular 
machine  or  device). 

IData  format.  Various  types 
of  data  (documents,  spread- 
I  sheets,  rich  media)  need  to  be 
secured  in  corporations. “[Organizations] 
should  take  inventory  of  those  formats 
and  make  sure  the  technology  that’s 
picked  can  cover  all  of  them,”  says  Paul 
Rettig,  director  of  digital  media  develop¬ 
ment  at  IBM.“You  don’t  want  five  or  six  dif¬ 


ferent  solutions  to  cover  all  the  areas  you 
need  to  protect.” 

When  thinking  about  what  product,  ven¬ 
dor  or  service  to  use  in  a  DRM  implemen¬ 
tation,  Rettig  says  it’s  important  that  the 
ability  to  define  rights  is  generic  across  all 
media  types.  With  that  said,  there  will  al¬ 
ways  be  some  idiosyncrasies  on  how 
those  rights  are  managed  and  imple¬ 
mented  based  on  the  delivery  method 
and  format.  For  instance,  streaming  media 
files  could  have  a  right  that  says  whether 
they  can  be  saved  after  they’re  streamed 
or  not,  where  a  document  can  be  read¬ 
only  or  read-write-print. 

See  DRM,  page  28 


Tacit  brings  together  like-minded  users 


■  BY  JOHN  FONTANA 

PALO  ALTO  —  Tacit  Knowledge  Systems 
this  week  is  unveiling  a  server  designed  to 
link  users  of  different  collaboration  plat¬ 
forms  throughout  a  corporation. 

The  purpose  of  the  company’s  forthcom¬ 
ing  ActiveNet  server  is  to  bring  together 
users  with  the  same  interests  who  may  not 
be  aware  of  each  other.  Often  organiza¬ 
tions  have  a  mishmash  of  collaboration 
tools  from  e-mail  to  Web-based  team 
rooms  to  peer-to-peer  clients.  Users  collab¬ 
orating  via  one  tool  on  a  subject  might  not 
know  that  others  are  collaborating  on  the 
same  topic  using  a  different  tool.  The  Tacit 
software  lets  companies  link  those  pieces. 

ActiveNet,  using  a  set  of  connectors  to 
collaboration  platforms  ranging  from  Lotus 
Notes  and  Microsoft  Exchange  to  Open 
Text,  Documentum  and  Groove  Networks, 
can  recognize  those  parallel  conversations 
and  link  the  participants. 

“Tacit  is  trying  to  take  collaboration  to  the 
next  level,”  says  Matt  Cain,  an  analyst  with 
Meta  Group.“It  helps  you  find  the  right  ex¬ 
perts  . . .  and  start  a  dialogue.  Companies 
need  to  link  content  and  collaboration  and 
Tacit  helps  you  find  content  and  expertise.” 

The  server  is  not  a  central  repository  of 
data,  but  instead  is  a  repository  of  user  pro¬ 
files  automatically  created  by  examining 
the  documents  and  electronic  communi¬ 
cations  associated  with  a  user.  Technol¬ 
ogies  such  as  Lotus  Discovery  Server  and 
Microsoft’s  ShareFbint  Portal  Server  use 
similar  technologies  within  their  products. 


Getting  together 

Tacit  Knowledge  Systems  this  week 
unveiled  its  ActiveNet  server,  which 
can  help  users  locate  each  other 
even  if  they  are  using  different 
collaboration  software. 


User  A 


O  User  A’s  profile,  which  the  ActiveNet  server  creates 
automatically,  lists  his  interest  in  and  expertise  with 
Linux. 


©  Users  B  and  C,  collaborating  through  peer-to-peer 
clients,  discuss  forming  a  committee  to  study  Linux 
use  in  corporations.  In  the  background,  ActiveNet  logs 
key  words  from  the  conversation. 

©  ActiveNet  recognizes  User  A’s  interest  in  Linux  and 
sends  an  e-mail  request  to  Users  B  and  C  asking  if  it 
can  share  conversation  with  User  A. 

©  Users  A,  B  and  C  create  a  collaborative  environment 
using  any  collaboration  tool  common  to  their  desktops, 
including  e-mail,  team  room  software  or  peer-to- 
peer  clients. 


Using  a  feature  called  hotlist,  ActiveNet 
finds  information  matching  topics  listed  in 
a  user’s  profile,  and  the  system  will  ask  the 
creators  of  that  information  if  they  want  to 
share  the  data.  If  they  do,  ActiveNet  will 
send  a  message  to  the  user  alerting  him  to 
the  data  and  its  creators.  From  there,  the 
user  and  the  creators  of  the  data  can  pick 
any  tool  they  choose  to  collaborate  further. 

The  system  also  has  a  more  manual  fea¬ 
ture  used  to  search  for  people  with  knowl¬ 
edge  on  topics  as  listed  in  their  profiles. 

“The  use  of  collaboration  tools  is  not  very 
coordinated  at  large  companies,”  says 
David  Gilmour,  CEO  of  Tacit.  “People  have 
plenty  of  tools  focused  on  how  to  collabo¬ 
rate,  but  ActiveNet  is  focused  on  who,  when 
and  why.” 

ActiveNet  is  a  Java-based  application 
that  runs  on  Windows  2000  and  provides 
management  controls  for  searching  and 
hotlists.  ActiveNet  is  built  on  Tacit’s  ESP  5.0 
collaboration  platform,  which  provides 
search  and  profiling  engines, and  the  coor¬ 
dination  services  that  link  users.lt  must  be 
run  with  a  Java  2  Platform  Enter-prise  Edi¬ 
tion  server,  which  is  used  to  present  a  Web- 
based  interface,  and  Microsoft’s  SQL 
Server  2000  or  Oracle  91  database. 

The  software  also  features  a  Web-based 
administrative  console  for  setting  adminis¬ 
trative  passwords  and  assigning  roles. 

ActiveNet  will  be  priced  per  user  profile 
and  is  expected  to  ship  in  April.  A  base 
installation  ranging  from  500  to  1,000  users 
is  priced  between  $60,000  and  $80,000. 

Tacit:  www.tacit.com 


I  AM  A  SHELL 

l  CAN  FIGHT  CANCER.  !  AM  MERCENARIA  MERCENARY.  I  HAVE  AN 
EXTRACT  IN  MY  SHELL  THAT  HAS  THE  POWER  TO  SLOW  CANCERS 
IN  MICE.  I  HAVE  THE  POWER  TO  BE  THE  NEXT  PENICILLIN.  I  AM  MORE 
THAN  A  SHELL. 


I  AM  A 
NETWORK. 

I  CAN  TURN  SHELLS  INTO  MEDICINE.  I  HAVE  THE  POWER  TO  MOVE 
CLINICAL  TRIALS  ONLINE  SO  NEW  DRUGS  GET  TO  MARKET  FASTER. 
I  HAVE  THE  POWER  TO  PROTECTA  PATIENT'S  PRIVACY.  I  CAN  USE 
THE  POWER  OF  E-LEARNINGTO  LET  DOCTORS  SHARE  RESEARCH 
WITH  OTHER  DOCTORS.  I  THINK  SHARING  IS  CARING.  I  AM  MORE 
THAN  A  NETWORK. 


THIS  IS  THE  POWER  OF  THE  NETWORK.  IIOW. 
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Like  the  title  thing  in  the  1958  Steve 
McQueen  science  fiction  film  “The 
Blob,”  Internet  taxes  are  on  the 
move  again. 

In  the  U.S.,we  generally  have  been  free 
of  taxation  for  Internet  services  and  for 
goods  and  services  purchased  over  the 
’Net.  But  this  might  be  coming  to  an  end. 

Our  freedom  from  these  taxes  is  not 
based  on  any  lack  of  attempts  by  tax 
authorities.They  have  tried  quite  hard  but 
have  been  blocked  by  two  things. 

First,  a  1992  U.S.  Supreme  Court  decision 
that  said  states  could  not  force  retailers 
with  no  significant  presence  in  the  state 
(in  those  days  it  was  mail  order  houses) 


Is  it  tea  time  again? 


to  collect  taxes  on  goods  and  services 
sold  to  people  living  in  the  state.  This 
came  about  because  the  complexity  of 
having  to  deal  with  7,500  or  so  separate 
tax  jurisdictions  was  too  much  to  impose 
on  the  sellers. 

Second,  a  series  of  federal  laws  prohi¬ 
bited  anyone  from  adding  new  taxes  for 
Internet  services. 

The  current  iteration  of  the  federal  law 
will  expire  this  November  unless  it  gets 
extended  again,  but  it  does  not  block 
taxes  on  goods  and  services  purchased 
over  the  Internet.  Those  taxes  still  are 
blocked  by  the  Supreme  Court’s  ruling, 
which  could  be  dealt  with  by  the  passage 
of  a  new  federal  law  that  say  it  is  OK  to  tax 
in  spite  of  the  complexity  or  by  simplify¬ 
ing  the  tax  chaos.  Many  states  are  busily 
doing  the  latter. 

A  group  of  31  states  have  been  partici¬ 
pating  in  the  “Streamlined  Sales  Tax 
Project”  (www.nwfusion.com,  DocFinder: 
4433),  which  recently  adopted  model  tax 


rules  that,  if  adopted  by  enough  state  leg¬ 
islatures,  could  pass  the  Supreme  Courts 
simplification  threshold.  The  adoption  of 
these  simplified  rules  are  far  from  a  done 
deal  because  they  override  some  county, 
city  or  local  taxes,  and  these  folk  likely 
will  object.  And  things  might  not  stay  “sim¬ 
ple”  for  all  that  long  because  the  model 
rules  let  states  add  new  taxes  later,  some¬ 
thing  I  seriously  doubt  they  will  refrain 
from  doing. 

I  would  expect  that  any  taxes  on 
Internet  services  quickly  would  become 
the  general  revenue-gathering  device  that 
taxes  on  telephone  services  have  be¬ 
come.  I  also  expect  that  those  imposing 
such  taxes  would  try  to  distinguish  be¬ 
tween  different  Internet  services  such  as 
voice  over  IP  and  in  some  cases  be  urged 
by  incumbent  telephone  companies  to 
kill  competing  technology  (ostensibly  for 
the  sake  of  fairness). 

As  you  might  expect,  the  prospect  of 
taxes  on  the  Internet  has  brought  out 


www.nwfusion.com 


quite  a  range  of  opinions,  from  brick-and- 
mortar  stores  that  see  a  need  to  even  the 
playing  field,  to  the  folks  who  think  all 
taxes  are  unconstitutional  (one  of  whom 
wrote  late  last  year  that  taxing  out-of-state 
companies  would  be  taxation  without 
representation).  I  seem  to  recall  that 
phrase  from  somewhere  in  Boston’s  past. 

It  will  be  interesting  to  see  what  this  tax¬ 
cutting  administration  will  do  if  a  bunch 
of  states  go  through  the  simplification 
process  and  then  demand  to  be  able  to 
collect  some  of  the  $1.5  billion  to  $50  bil¬ 
lion  (depending  on  who  you  ask)  of  “lost" 
taxes  next  year. 

Disclaimer:  I  expect  the  Harvard  Business 
and  Government  schools  have  different 
opinions  on  taxes  of  all  kinds  but  I  did  not 
ask  them  —  the  above  musing  is  mine. 

Bradner  is  a  consultant  with  Harvard 
University's  University  Information  Sys¬ 
tems.  He  can  be  reached  at  sob@ 
sobco.com. 


DRM 

continued  from  page  25  ■ 

Puzzle  pieces.  Any  drm 

system  put  in  place  needs  to  be 
I  integrated  with  the  existing  en¬ 
terprise  infrastructure,  including  file  man¬ 
agement  systems,  databases,  e-mail  and 
Web  servers. 

“You’re  going  to  need  some  sort  of  data¬ 
base  if  you’re  going  to  be  managing 
licenses  and  accounts.  And  if  you’re  going 
to  issue  passwords  via  e-mail,  you’ll  need 
an  e-mail  server  to  send  users  something,” 
says  Ezra  Davidson,  co-founder  and  vice 
president  of  business  development  at 
SyncCast,  a  content  delivery  and  DRM  ser¬ 
vice  provider.  “Think  about  how  you’re 
going  to  issue  licenses  and  what  type  of 
server  and  complementary  technology 
within  your  enterprise  you  may  need.  It’s 
like  if  you  buy  a  new  car, you  still  need  the 
gas  to  run  it.” 

Support  the  user.  Rettig 

says  that  like  any  type  of  security 
|  infrastructure,  you  need  the  right 
support  to  manage  problems  such  as  lost 
passwords  or  transitioning  workers.  When 
DRM  locks  a  piece  of  content  to  a  specific 
PC  or  person,  what  happens  when  a  user 
gets  a  new  PC  or  the  worker  takes  a  new 
position?  The  license  needs  to  be  moved 
to  the  machine  or  employee  taking  over 
the  job  task. 

At  Jane’s  Information  Group,  a  Alexan¬ 
dria,  Va.,  company  that  publishes  titles 
such  as  “Jane’s  Fighting  Ships,"  offers  ac¬ 
cess  to  its  online  library  on  an  individual 
and  corporate  basis.  Jane’s  would  like  to 
be  able  to  offer  a  single  logon  to  an  in¬ 
dividual  that  also  contains  the  rights  that 
person’s  employer  might  have  paid  for  as 
well,  says  Lisa  Koenigsberg,  eServices 
manager  at  Jane's. 

“Part  of  the  issue  is  someone  has  to 
manage  it,"  Koenigsberg  says.“lf  you  leave 


the  company,  Jane’s  doesn’t  know  you’ve 
left,  and  you  could  still  retain  the  compa¬ 
ny’s  [access]  rights  even  though  you’re 
not  there.” 

Protect  your  keys,  if 

using  a  third  party  to  serve  and 
|  authenticate  licenses,  it’s  impor¬ 
tant  to  keep  local  copies  of  the  user  data 
in  case  something  happens  to  the  pro¬ 
vider.  “In  the  event  the  service  provider 
goes  away,  you  need  to  have  a  transition 
period  to  get  access  to  data  they  have 
been  collecting,”  Davidson  says.  “Make 
sure  to  get  data  on  cycle  basis.  If  some¬ 
thing  happens,  you  can  take  your  data  to 
a  new  provider  and  quickly  start  issuing 
keys  again.” 

5  Partners  outside  the  fire¬ 
wall.  “  Our  biggest  challenge  is 
|  handling  the  people  who  are  not 
employees  of  our  compand’ says  Rebecca 
Burr,  director  of  market  analysis  at  chip 
maker  Xilinx  in  San  Jose.  “We’re  not  as 
aware  of  what’s  happening  [securitywise] 
at  our  partners.” 

Xilinx  is  in  the  process  of  rolling  out 
Authentica’s  PageRecall  DRM  product  to 
help  distribute  the  company’s  price  books 
(the  Holy  Grail  of  the  company’s  opera¬ 
tions)  using  the  Secure  PDF  format.  DRM 
helps  ensure  the  books  are  used  for  their 
intended  purpose  and  not  easily  distrib¬ 
uted  to  competitors.  For  assets  distributed 
outside  the  firewall,  the  protected  content 
will  have  to  be  authenticated  more  fre¬ 
quently  than  it  would  for  someone  using 
the  price  book  internally. 

6  Remote  users.  For  travel¬ 
ing  workers  not  connected  to  a 
■  network,  there  should  be  a  poli¬ 
cy  implemented  with  some  requirement 
to  “phone  home”  to  check  the  permis¬ 
sions  that  let  users  work  offline  on  the 
local  desktop.  “One  can  go  on  a  trip  off 


network  and  take  a  key”  says  Victor  De- 
Marines,  director  of  marketing  at  Authen- 
tica.  “First,  you  take  a  snapshot  of  the 
user’s  system  that’s  accessing  the  docu¬ 
ment  or  content,  then  download  that 
content  to  the  computer  and  bind  it  to 
the  machine  so  that  the  DRM  policy 
remains  in  force.” 

Mobile  devices.  If  your 

corporation  deals  with  distribut- 
|  ing  content  to  mobile  devices 
such  as  cell  phones,  PDAs  or  BlackBerrys, 
you  need  to  be  able  to  recognize  the  capa¬ 
bilities  of  the  device  to  ensure  the  restric¬ 
tions  that  DRM  is  placing  on  content, 
Rettig  says.  For  instance,  if  it’s  a  device  with 
no  date/time  feature,  then  it  cannot  track 
time-based  expiration  restrictions.  If  the 
device  cannot  help  support  the  restric¬ 
tions,  the  content  should  not  be  able  to 
reside  on  it. 

Don ’t  get  in  the  way.  On 

the  delivery  and  management 
|  end  it's  important  to  integrate 
with  existing  systems  and  workflows,  and 
the  same  can  be  said  for  the  way  end 
users  consume  data.  Jane’s  provides 
access  to  its  libraries  via  a  standard  Web 
browser,  making  it  easy  to  cut-and-paste 
and  print-and-carry  the  data  and  use  it  for 
source  material  in  a  research  project.“Our 
customers  use  us  as  a  research  tool,”  Koen¬ 
igsberg  says.  “Look  at  the  media,  how 
many  times  over  the  last  year  have  you 
seen  CNN  quote  a  piece  of  text  from 
Jane’s?  We  give  them  the  ability  to  retrieve 
the  information  themselves." 

Xilinx’s  Secure  PDF  files  are  tagged  and 
can  “report”  back  whenever  they’re 
opened,  forwarded  or  transferred,  so  the 
company  always  knows  who  is  doing  what. 
Also,  pages  that  are  printed  have  a  unique 
watermark  based  on  the  recipient’s  identity 
so  if  they  are  distributed,  they  are  easily 
tracked  to  the  original  recipient,  Burr  says. 


Change  on  the  fly.  One 

benefit  of  DRM  is  that  it  can  let 
|  content  owners  change  the 
rights  and  conditions  of  a  given  license 
on  the  fly.  Burr  says  when  a  new  price 
book  becomes  available,  the  DRM  tech¬ 
nology  being  rolled  out  will  be  able 
revoke  the  keys  to  old  price  books,  ren¬ 
dering  them  useless. This  keeps  outdated 
material  from  accidentally  being  used  or 
maliciously  distributed,  says  Jonathan 
Lewin,  founder  and  CTO  of  eMeta,  a  soft¬ 
ware  company  that  makes  content  distri¬ 
bution  tools. 

Standards  on  the 
horizon.  DRM  products 
|  and  services  now  are  typi¬ 
cally  proprietary  offerings  that  do  not 
interoperate  well  beyond  the  content 
they  control.  For  instance,  the  DRM  tech¬ 
nology  embedded  in  Microsoft’s  Win¬ 
dows  Media  Technology  supports  only 
the  Windows  Media  Format  and  not  com¬ 
peting  formats  such  as  Real  and 
Quicktime.  But  a  number  of  groups  are 
looking  to  standardize  how  DRM  rights 
are  defined  and  how  different  pieces  of 
the  puzzle  can  operate. 

One  specification  that  could  gain  con¬ 
siderable  momentum  is  coming  out  of 
ISO’s  MPEG-21  committee.  MPEG-21  is  a 
framework  for  delivering  and  using  multi- 
media  services  across  a  variety  of  de¬ 
vices.  One  of  the  major  underpinnings 
of  the  specification  is  the  Rights  Expres¬ 
sion  Language,  based  on  the  Extensible 
Rights  Markup  Language  developed  by 
ContentGuard,  which  will  provide  a  stan¬ 
dard  way  of  describing  rights  and  meth¬ 
ods  of  any  object. 

“Because  MPEG  deals  with  rich  media, 
its  [DRM  piece]  will  be  able  to  handle  all 
media  types,"  says  Bruce  Gitlin.vice  presi¬ 
dent  of  business  development  at  Content- 
Guard,  a  Xerox  spinoff  that  licenses  DRM 
patents  and  tools.  ■ 


makes  wireless  network 
imaging  easy 


One  company  enables  you  to  add  printers  and  MFP  devices 
to  your  network  without  using  cables.  Only  Kyocera  Mita 
offers  an  embedded  wireless  LAN  solution,  which  delivers 
superior  performance  as  if  it  were  wired.  Now  you  can  add 
MFPs  in  places  that  were  virtually  inaccessible,  or  move 
printers  from  office  to  office  as  workload  demands. 

Flexible  document  solutions  to  meet  today’s  needs  and 
tomorrow’s  challenges.  In  an  increasingly  wireless  world, 
one  company  is  leading  the  way.  Kyocera  Mita. 

To  learn  more  about  our  complete  end-to-end 
wireless  solution,  visit  www.kyoceramita.com 
or  call  1-800-222-6482. 
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It  always  happens  with  the  last  piece 


You  know  what  you  need,  but  you  just 
can't  find  it. 

Your  data  center  is  growing,  faster  than  your  resources. 
You  need  hands-on  control  of  your  local  server  racks  as 
well  as  the  servers  at  different  locations.  How  do  you 
complete  the  picture? 

With  one  of  Avocent's  enterprise-class  KVM  switches. 
Our  solutions  are  specifically  tailored  to  your  unique 
server  management  requirements. 


Direct  access  to  multiple  servers  from  your  data  center. 
Standard  IP  access  to  servers  in  any  location  world¬ 
wide.  Custom  configuration  for  the  level  of  access 
and  control  you  need.  Streamlined  cable  management. 
Feature-rich  software  designed  for  easy  installation 
and  system  administration. 

Now  you've  got  the  whole  picture.  Avocent's  advanced 
analog  and  digital  KVM  solutions  -  a  perfect  fit  for  your 
server  room. 


Download  our  free  whitepaper  KVM  for  the  Enterprise  at 
www.avocent.com  or  call  us  at  1-866-AVOCENT  (286-2368),  ext.  3005. 


Avocent 


Avocent  the  Avocent  .090  and  The  Power  of  Being  There  are  trademarks  of  Avocent  Corporation.  Copyright  £  2003  Avocent  Corporation. 
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Equant  launches  DSL  for  IP  VPN  users 


■  BY  DENISE  PAPPALARDO 

International  carrier  Equant  this  week 
will  announce  a  broadband  access  op¬ 
tion  that  it  says  could  save  its  managed  IP 
VPN  customers  up  to  30%  per  month  vs. 
using  dedicated  T-l  lines. 

Equant  also  says  its  DSL  Access  option 
—  initially  available  in  Australia,  Canada, 
Hong  Kong,  Italy,  Singapore,  the  U.K.  and 
the  U.S.  —  will  eliminate  for  customers 
the  hassle  of  dealing  with  multiple  DSL 
providers. 

“While  DSL  is  still  not  ubiquitously 
available,  this  is  a  good  move  on 
[Equant’s]  part,”  says  Brownlee  Thomas, 
an  analyst  at  Giga  Information  Group. 
“This  service  addresses  bandwidth  bottle¬ 
necks,  which  are  always  in  the  local  loop, 
for  small-office  users.” 


■  Internet2,  a  group  of  200  univer¬ 
sities  working  on  next-generation 
Internet  technologies,  announced 
last  week  that  its  Abilene  network 
reached  a  new  milestone:  its  first 
10G  bit/sec  transcontinental  net¬ 
work  segment.  The  group  is  in  the 
process  of  upgrading  its  U.S.  net¬ 
work  to  10G  bit/sec.  The  network 
also  will  support  native  IPv6  and 
multicasting  applications. 

Similar  to  the  Internet  before  it 
went  commercial,  Abilene  is  an  ad¬ 
vanced  network  for  academia  to 
test  sophisticated  and  complex 
applications  such  as  remote  control 
of  telescopes  and  immersive  virtual 
reality. 

■  Qwest's  financial  adventures 
continue  to  keep  industry  watchers 
guessing.  The  carrier  has  revealed 
it  will  restate  $2.2  billion  in  revenue 
for  fiscal  2000  and  2001 .  The  carri¬ 
er’s  2001  revenue  will  be  adjusted  to 
$18.4  billion  from  $19.7  billion  and 
its  2000  revenue  to  $15.7  billion 
from  $16.6  billion.  Qwest  officials 
cited  billing  errors  and  premature 
revenue  recognition  as  the  primary 
causes  of  the  restatements. 


Bill  Strickland,  national  technology  manager 
for  IS  LAN/WAN  services  at  Toyota,  says  DSL 
access  is  lacking. 


Equant  is  targeting  customers  who  want 
more  bandwidth  than  they  get  from  dial¬ 
up  but  find  dedicated  T-l  lines  too  expen¬ 
sive.  While  it  will  vary  from  country  to 
country,  the  DSL  option  will  cost  cus¬ 
tomers  20%  to  30%  less  per  month  than 
dedicated  T-l  access  but  provide  the  same 
transmission  speed,  says  Gopi  Gopinath, 
senior  vice  president  for  data  services  at 
Equant. 

In  the  U.S.,  Equant  is  teaming  with  Co¬ 
vad  Communications  and  SBC  to  provi¬ 
sion  DSL  to  its  IP  VPN  customers.  Over¬ 
seas,  Equant  is  working  with  different  ser¬ 
vice  providers  in  each  country. 

Equant,  which  offers  its  IPVPN  service  in 
140  countries,  plans  to  extend  DSL  access 
to  France  and  Germany  by  mid-year  and 
to  make  it  available  in  more  countries  in 
the  second  half  of  the  year. 

“It’s  a  very  tricky  proposition  to  offer 
DSL  support  across  multiple  regions,” says 
Camille  Mendler,  research  director  at  The 
Yankee  Group.  It  is  difficult  to  support 
consistent  service  levels  and  perfor¬ 
mance  guarantees  when  dealing  with 
multiple  local  providers,  she  says. 

“This  is  a  headache  that  many  busi¬ 
nesses  would  be  interested  in  handing 
over  to  Equant,”  she  adds. 

One  headache  Equant  still  is  trying  to 
cure,  though,  is  a  lack  of  performance 
guarantees. 

“The  fact  is  we  are  not  able  to  get  [ser¬ 
vice-level  agreements]  from  the  [DSL]  ser¬ 
vice  providers,”  Gopinath  says.  “Until  we 
have  a  reasonable  number  of  providers 
with  SLAs,  we  cannot  offer  [performance 
guarantees]  to  our  customers.” 

Toyota,  which  links  its  dealerships  via  a 
1,000-site  VPN,  says  it  would  like  to  use 
DSL  at  some  locations,  but  the  lack  of  per¬ 
formance  guarantees  prevents  it  from 
doing  so. 

“We  considered  DSL  to  reduce  costs, 


but  were  unable  to  get  meaningful  SLAs 
for  network  availability  or  [mean  time  to 
repair]  on  DSL  at  the  time  we  rolled  out 
the  network,”  says  Bill  Strickland,  national 
technology  manager  for  IS  LAN/WAN 
services. 

For  now,  Strickland  uses  fractional  and 
full  T-ls  at  all  his  sites. 

Although  Equant  doesn’t  offer  SLAs,  cus¬ 
tomers  can  use  its  WebVision  customer 
service  portal  to  view  traffic  utilization  sta¬ 
tistics  on  an  hourly,  daily,  weekly  and 
monthly  basis. 

Equant  is  not  the  first  carrier  to  offer  DSL 


■  BY  STEPHEN  LAWSON 

MILPITAS,  CALIF—  AT&T  Wireless  plans 
to  become  the  first  carrier  to  offer  a  high¬ 
speed,  mobile  service  in  the  U.S.  to  users  of 
Palm’s  Tungsten  W  PDA,  as  soon  as  the 
device  becomes  certified. 

Customers  of  the  device  can  expect  data 
transmission  speeds  of  up  to  40M  bit/sec 
and  service  availability  in  99  of  the  100 
largest  metropolitan  areas  in  the  U.S.,  ac¬ 
cording  to  the  carrier.  Originally  scheduled 
for  this  month,  the  release  dates  of  Palm’s 
device  and  AT&T  Wireless’  service  have 
been  pushed  back  because  of  delays  in 
certifying  the  Tungsten  W  by  the  PCS  Type 
Certification  Review  Board.  Palm  says  new 
launch  dates  will  be  announced  soon. 

Tungsten  Wwhich  was  announced  in  Oct¬ 
ober,  is  aimed  at  the  corporate  market.  The 
device  includes  an  integrated  keyboard, 
e-mail  and  short  message  service  support. 
The  device  also  includes  Palm  calendar, 
contact  and  to-do  list  software,  Acrobat 
Reader,  a  Web  browser  and  Documents  To 
Go  Professional  Edition  software. 

Although  the  Tungsten  W  supports  voice, 
it  primarily  is  designed  for  data  communi¬ 
cations.  The  device  requires  hardware 
attachments,  such  as  a  wired  headset, 
for  use  as  a  phone. 

The  device  supports  multiple  GSM 
bands  including  900MHz,  1800MHz 
and  1900MHz  that  will  let  customers 
traverse  networks  of  international  carri-  " 
ers  with  which  AT&T  Wireless  has  roam¬ 
ing  agreements. 


access  for  its  IP  VPN  users,  but  it  appears 
to  be  the  first  to  support  DSL  to  VPN  ser¬ 
vices  in  multiple  countries.  WorldCom 
announced  a  similar  option  in 
September,  although  it  is  available  in  only 
55  U.S.  markets.  AT&T  also  offers  DSL 
access  to  its  IP  and  IP  Enabled  Frame 
Relay  service,  but  only  in  the  U.S.  today. 

Equant  is  working  on  additional  remote- 
access  service  options  for  its  IP  VPN  cus¬ 
tomers,  Gopinath  says.  The  carrier  is  plan¬ 
ning  a  Wi-Fi  service  trial  that  could  lead  to 
802.11b  service  support  by  year-end, 
he  says.  ■ 


This  is  not  the  first  combination  PDA  and 
phone  that  AT&T  Wireless  has  supported. 
The  carrier  also  supports  the  Siemens  SX56 
device  and  Research  in  Motion’s  Black- 
Berry  with  phone. 

AT&T  Wireless  will  charge  Tungsten  W 
users  by  the  amount  of  data  they  send  and 
receive,  not  by  the  amount  of  time  they 
spend  online.  Plans  will  range  from  8M 
bytes  per  month  for  $20  to  100M  bytes  per 
month  for  $100.  Voice  plans  will  be  sold 
separately  but  customers  will  receive  just 
one  bill  for  both  services.The  8M-byte  plan 
requires  the  purchase  of  a  voice  plan. 

Tungsten  W  devices  will  have  a  suggested 
retail  price  of  $550. 

Lawson  is  a  correspondent  with  the  IDG 
News  Service’s  San  Francisco  bureau.  Net¬ 
work  World  Senior  Editor  Denise  Pappa- 
lardo  also  contributed  to  this  story. 


More  online! 

Get  more  background  on 
the  Tungsten  W,  including 
its  features  and  appfcations. 
DocFinder  4434 


AT&T  Wireless  to  lend 
Palm  users  a  hand 
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One  of  the  questions  I  get  regularly  is, 
“How  can  I  improve  my  network 
capacity  planning  and  forecasting 
abilities?” 

Here  are  some  thoughts  to  get  started: 
First,  make  sure  you’ve  got  solid  techni¬ 


cal  processes  for  measuring  network  per¬ 
formance  and  bandwidth  consumption. 
Specifically,  you  should  look  at  end-to- 
end  latency  across  the  network.  By  end  to 
end  1  mean  system  to  system —  not  just 
from  the  WAN  interfaces  on  the  routers. 


There  are  a  host  of  fancy  tools  to  do  this. 
If  you  can’t  afford  them,  at  least  write  a 
short  script  to  run  pings  or  traceroutes  on 
a  regular  basis. 

You  also  should  be  tracking  bandwidth 
utilization.  Look  at  average  and  peak  uti¬ 
lizations,  and  track  both  over  time.  For 
example,  your  average  utilization  might  be 
growing  at  8%  month  over  month,  while 
your  peak  utilization  grows  at  15%.  (Hint: 
You’ll  probably  need  a  network  upgrade 
sooner  than  expected).  Also  look  at  aver¬ 
age  utilization  as  a  percentage  of  peak  uti¬ 
lization,  and  note  whether  that  figure 
changes  over  time. 

You  should  look  at  the  sampling  rate  at 
least  hourly  (every  15  minutes  is  better), 
and  you  should  review  historical  trending 
at  least  quarterly 

OK,  let’s  say  you’re  doing  all  that.  Guess 
what?  That’s  only  half  the  story  Knowing 
what’s  going  on  is  table  stakes  for  playing 
the  game.  But  to  win,  you  need  to  under¬ 
stand  why  it’s  happening.  Do  this  in  two 
steps. 

Step  1:  Make  sure  you  understand  which 
network  resources  are  being  consumed  by 
which  applications  and  how  that  changes 
over  time.  Is  HTTP  growing  faster  than 
e-mail,  for  instance? 

Step  2:  Time  to  find  out  about  macro¬ 
events  that  are  driving  your  organization’s 
use  of  the  network.  For  example,  is  your 
organization  engaged  in  data  center  con¬ 
solidation?  If  so,  you’ll  probably  need  to 
think  about  increasing  the  bandwidth  to 
the  remaining  data  centers  —  and  provid¬ 
ing  redundancy  and  reliability  alternatives. 
Time  to  research  your  local  metropolitan- 
area  providers. 

What  about  a  Web  services  or  IP  tele¬ 
phony  rollout?  You’ll  need  to  check  out 
latency  requirements,  and  you  might  want 
to  invest  in  compression  technology  (par¬ 
ticularly  at  remote  branch  offices). 

How  will  you  know  about  this?  That’s  the 
tricky  part.You’ll  need  to  leave  your  team  to 
their  scopes  and  Sniffers,  and  begin  asking 
questions.  Start  with  your  boss,  but  don’t 
stop  there.  Talk  with  executives  in  other 
departments  (sales,  accounting  and  cus¬ 
tomer  service). 

And  don’t  limit  your  conversations  to 
the  senior  folks.  Midlevel  staffers  often 
have  a  lot  of  great  information  —  and 
more  time  to  talk.  That  clerk  in  account¬ 
ing  might  provide  a  valuable  heads-up 
about  the  financial  package  slated  for 
rollout  next  year.  The  visiting  salesman 
might  clue  you  into  the  new  office  the 
company’s  considering  in  Latin  America. 
And  so  on. 

Of  course,  you’ll  need  to  validate  this 
information  before  acting  on  it,  but  as 
they  say,  knowledge  is  power.  Knowing 
that  these  options  are  potentially  in  the 
works  can  help  you  make  better  deci¬ 
sions  today. 

Johnson  is  president  and  chief  research 
officer  at  Nemertes  Research,  an  indepen¬ 
dent  technology  research  firm.  She  can  be 
reached  at  johna@nemertes.com. 
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Introducing  the  MX1200,  the  industry’s  most 
innovative  and  highly  integrated  enterprise 
communications  system.  It  finally  makes  VoIP  a 
viable,  mainstream  solution. 

The  MX  1200  is  100%  based  on  open  standards, 
powered  by  Linux,  SIP,  and  VoiceXML.  This 
guarantees  flexibility  and  inter-operability  within 
your  network. 

Ail  administrative  functions  are  configured  using  one 
graphical  interface.  Users  of  the  system  can  make 
calls,  access  voice  mail,  determine  presence,  and  send 
instant  messages,  all  from  a  single  graphical  interface. 

Software  licenses  allow  the  system  to  grow  from  25  to 
1 200  users  without  requiring  any  additional 
hardware  from  Zultys. 

To  learn  how  the  MX  1200  can  address  all  of  your 
enterprise  communications  needs  and  enhance  the 
productivity  of  your  business,  call  us  or  access  our 
web  site. 


ZULTYS 


Zultys  Technologies,  the  Zultys  logo,  the  Zultys  marti,  and  MX 1200  are  trademarks  of  Zultys  Technologies  All  other 
trademark*  used  herein  are  the  property  of  thee  respective  owners  02003  Zultys  Technologies  All  nghts  reserved 


http://nw.zultys.com 


Zultys  Technologies 

771  Vaqueros  Avenue 
Sunnyvale,  CA  94085 
USA 

Tel: +1-408-328-0450 
Fax:+1-408-328-0451 
Email:  zultys@zultys.com 
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Powering  Up;  Keeping  Costs  Down 


“It’s  simple:  If  our  people  can’t  a  A* 

access  the  network,  our  customers 
go  dark,”  says  Chuck  Benton,  net-  SiCTTcl  Pacific’ 
work  analyst  at  Sierra  Pacific  "  E  5  °  u  "  c  '  5 


Fortunately  Sierra  Pacific  has  a 
robust  enterprise  network  that 
not  only  ensures  the  highest 
availability,  but  supports  new 


Resources,  a  private  utility  that  provides 
electricity  to  843,000  customers  through¬ 
out  Nevada  and  northeastern  California. 


business-enhancing  applications — such  as 
videoconferencing — to  improve  productivity 
and  streamline  costs. 


The  Bottom  Line:  More  than  $277,000  in  yearly  savings. 

Find  out  more  at  enterasys.com/nw/sierra-pacific2 
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Security  Concerns?  Harness  Built-In  Enterprise  Switch  Features 

While  the  first  automobile  seat  belts  were  invented  100  years  ago,  it  wasn't  until  the  1980s  that  they  were  used 
with  great  frequency.  Similarly,  the  enterprise  network  has  provided  a  level  of  built-in  security  many  organizations 
may  have  overlooked.  But  because  the  network  is  now  an  integral  part  of  the  business — with  much  more  at 
stake — companies  are  now  looking  to  beef  up  their  security  any  way  they  can. 


The  Evolution  of  a  More  Secure  Switch 

Enterprise  switching  technology  has 
evolved  over  the  last  several  years  to 
include  security  features  that  are  imple¬ 
mented  with  “just  a  click.”  Multilayer 
packet  classification,  sometimes  referred 
to  as  Layer  2+,  enables  a  switch  to  take 
action  based  on  criteria  other  than  a  PC’s 
address  (Layer  2)  or  the  next  router  hop 
(Layer  3).  This  means  a  switch  can 
switch,  prioritize,  limit,  or  block  packets 
based  on  a  number  of  factors,  including 
the  type  of  application,  protocol,  Quality 
of  Service  (QoS),  and  even  the  user. 

However,  in  select  multilayer  switches,  built-in 
packet  classification  provides  for  additional 
security  services: 

•  Deny  Spoofing  Service  allows  the 
switch  to  enforce  a  set  of  rules  that  pre¬ 
vents  a  user  from  acting  as  a  valid 
administrative  service — for  example, 
attempting  to  resolve  DNS  queries  as  a 
DNS  Server. 
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Packet  classifica¬ 
tion  coupled  with 
user  authentication 
allows  multilayer 
switches  to  provide 
a  reliable  first  line 
of  defense  at  the 
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•  Protocol  Priority  Access  Control 

Service  lowers  the  overall  priority  of  less 
important  network  traffic.  By  lowering  the 
Class  of  Service  given  to  this  traffic,  the 
administrator  limits  the  impact  of  the 
resource-intensive  application,  but  the 
user  community  can  still  take  advantage 
of  the  access  they  have  come  to  expect. 

What  About  Authentication? 

To  extend  security  even  further,  more 
advanced  multilayer  switches  support  a 
variety  of  standards-based  802. IX  user 
authentication  mechanisms  that  identify 
each  user. 


Deny  Unsupported  Protocol  Access 
Service  allows  the  switch  to  deny  all 
“unsupported”  protocols,  such  as  rout¬ 
ing  protocols  (RIF?  OSPRetc.)  originating 
from  a  user,  or  older  protocols  such  as 
IPX  and  AppleTalk. 

Intrusion  Prevention  Service  allows  the 
switch  to  deny  traffic  containing  well- 
known  Layer  4  ports  associated  with  attacks 


on  network  resources.This  helps  safeguard 
the  entire  network  by  blocking  known 
attacks,  such  as  common  port  scans. 

Limit  Exposure  to  Denial  of  Service 
(DoS)  Attacks  Service  is  a  set  of  rules 
that  allows  the  switch  to  deny  or  limit 
the  use  of  protocols  known  to  be  DoS 
attacks,  such  as  limiting  the  bandwidth 
allocated  to  a  user  for  ICMP  (ping). 


To  learn  more  about  this  critical  security  fea¬ 
ture  and  others  that  can  be  deployed  easily 
with  a  click — much  like  a  seat  belt — go  to 
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The  Matrix  El  Multilayer  Workgroup  Switch 
and  Gigabit  Workgroup  Switch  from 
Enterasys  Networks  provide  industry-stan¬ 
dard  switching  and  routing,  enhanced  with 
advanced  packet  classification  and  Quality 
of  Service  (QoS)  features. 

Compare  the  Matrix  El  Series  with 
Cisco’s  Catalyst  3550  Series  for  capacity, 
performance,  and  flexibility: 

•  Capacity — The  Matrix  El  has  twice  the 
number  of  10/100  ports  as  the  Catalyst 
3550-48. 

•  Performance — The  Matrix  El’s  packet 
forwarding  rate  is  60%  higher  than  the 
Catalyst  3550-48. 


•  Flexibility — The  modular  Matrix  El 
supports  a  wider  range  of  technologies 
(10/100,  10/100/1000,  100FX,  1  Gig), 
while  the  Catalyst  3550-48  is  a  fixed-con- 
figuration  switch  supporting  only 
10/100  and  1  Gig. 

The  Matrix  El  delivers  all  of  these 
advantages  at  a  more  competitive  price. 

With  multilayer  packet  classification,  the 
Matrix  El  also  supports  sophisticated  security 
capabilities  (see  above).  When  combined 
with  Enterasys’  NetSight  Atlas  management 
platform,  the  Matrix  El  provides  the 
advantage  of  highly  secure  network 
access  for  both  users  and  administrators. 
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Other  impor¬ 
tant  security- 
related  features 

include  support  for  802. IX  Authentication, 
MAC  Address  Authentication,  MAC  Port 
Locking,  Access  Control  Lists  (ACL), 
Extended  Access  Control  Lists  (ACL)  and 
policy-based  services  (anti-spoofing, 
unsupported  protocol  denial,  intrusion 
prevention,  and  DoS  Attacks  limits). 

The  Matrix  El  is  part  of  a  full  line  of  high-per¬ 
formance,  multilayer  switches  from  Enterasys 
Networks.  To  learn  more  about  this  highly 
secure,  competitively  priced  switch,  go  to 

enterasys.com/nw/right-switch  2 
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Automation  has  been  a  long-standing  failure  in  network  management 
products,  but  the  latest  generation  of  such  tools  might  work  as  advertised. 

BY  DENISE  DUBIE 


A 

§  \  mid  some  of  the  worst  economic  times  he’s  seen  in  his  25-plus  years 

in  networking,  Clyde  Wilson  needed  to  upgrade  his  network  to  better  sup¬ 
port  Markel’s  business. 


IGSS  office 


Chris  Utter,  IS  and 
technology  project 
manager,  Mary  Kay 


...  is  about  as 

plausible. 


“My  budget  is  getting  crunched,  I’m  not  allowed  to  hire 
as  many  people  and  I  need  to  do  more  with  what  1 
have  today’  says  the  manager  of  technical  services 
at  the  specialty  insurance  broker  in  Richmond, Va. 
“It’s  just  a  sign  of  the  times.” 

To  make  his  network  more  efficient  without 
unloading  a  lot  of  cash, Wilson  added  software 
from  HRHeroix  and  others  to  automate  man¬ 
agement  tasks  across  the  network,  which  sup¬ 
ports  12  locations. 

The  need  to  do  more  with  less  turned  Wilson 
into  an  early  adopter  of  today’s  automated  man¬ 
agement  tools.  But  he  is  not  alone  in  his  need  for 
automation.  Network  executives  across  the  board 
face  similar  concerns:  reduced  head  count;  tight  or 
no  budget  dollars;  and  growing  demand  to  support 
ever  more  complex  business  services. 

Automation  has  long  promised  enterprise  network  com¬ 
panies  a  combination  of  increased  efficiencies  and  cost  savings, 
but  the  technology  never  really  delivered  on  its  promise.  In  2002,  IBM, 
HPSun  and  Cisco,  along  with  some  savvy  start-ups,  sought  to  eradi¬ 
cate  automation’s  bad  name.  Software  and  hardware  vendors 
launched  campaigns  detailing  product  road  maps  —  such  as 
IBM  with  its  autonomic  computing  and  HP  with  its  adaptive 
management  —  they  say  will  satisfy  enterprise  needs  for  cost- 
<  cutting,  network-optimizing  tools. 

»  “More  than  three-fourths  of  the  average  enterprise  IT  budget 
goes  into  keeping  the  lights  on  and  maintaining  the  status 
quo,”  says  Zeus  Kerravala,  a  vice  president  with 
The  Yankee  Group.  With  a  meager  20%  to 
25%  of  their  budget  available  for 
new  and  in  some  cases  neces¬ 
sary  IT  projects,  enterprise  net¬ 
work  managers  such  as 
Wilson  decided  in  late  2001 
and  throughout  2002  to 
revisit  automation  and 
take  a  look  at  the  slew  of 
new  tools. 


w 


In  the  beginning 

Despite  what  vendors 
might  say,  the  change  they 
want  to  drive  into  every 
network  IT  shop  this  year 
isn’t  a  radical,  new  idea,  but 
one  that  traces  its  origins  back 
to  the  mainframe.  Software  giant 


Computer  Associates  introduced  the  first  commercial  job-scheduling  pro¬ 
duct,  CA-Scheduler,  for  mainframe  environments  in  1981. 

Automated  products  use  process  rules  and  product-  management  infor¬ 
mation  written  into  software  applications  to,  say,  monitor  the  CPU  or 
memory  utilization  on  a  server  at  a  scheduled  time  —  without  human 
intervention.  For  automation  products  to  act  on  behalf  of  a  network  ad¬ 
ministrator,  the  knowledge  of  the  network  hardware  and  software  appli¬ 
cations  needs  to  be  built  into  the  tools. Product  developers  write“if  A  hap¬ 
pens,  then  do  B”  scenarios  into  the  tools,  and  when  a  threshold  is  missed 
or  a  rule  broken,  the  automation  feature  launches  an  action, such  as  pag¬ 
ing  a  network  operator  or  rebooting  a  server.  But  because  of  the  dynamic 
nature  of  networks,  early  automation  products  quickly  failed. 

“Automation  in  distributed  management  has  a  fairly  checkered  past 
—  lots  of  overpromising  and  underdelivering” says  Jasmine  Noel,  prin¬ 
cipal  analyst  at  JNoel  Associates. 

Successful  automation  requires  network  configuration  parameters 
included  in  the  software  to  change  as  the  network  changes, and  immature 
products  could  not  deliver  that  capability  The  variety  and  sheer  volume  of 
network  devices,  events  and  alarms  also  overwhelmed  early  tools 
designed  to  automate  simple  processes.  Hence  the  young  technology  dis¬ 
appointed  users  with  lengthy  deployment  cycles,  and  constant  update  and 
maintenance  needs. 

“But  like  everything  else,  the  ability  to  automate  management  is  improv¬ 
ing,”  Noel  says.  She  says  more  vendors,  such  as  Magnum  Technologies, 
Micromuse  and  Smarts,  learned  to  write  intelligence  into  their  tools  to 
help  automate  network  discovery, data  aggregation  and  event  correlation. 

Leaders  of  the  pack 

IBM  is  leading  the  charge  toward  intelligent  network  management  tools 
and  automation  software.  Big  Blue  became  the  front-runner  in  the  auto¬ 
mation  revolution  in  April  2001  when  it  announced  its  eLiza  initiative, 
which  rolled  into  the  broader  autonomic  computing  initiative  an¬ 
nounced  in  October  2002. 

While  IBM  works  to  integrate  self-healing,  self-managing,  self-pro- 
visioning  and  self-protecting  capabilities  across  its  hardware  group  and 
four  software  brands  (potentially  five  counting  the  $2.1  billion  acquisi¬ 
tion  of  Rational  Software  at  the  end  of  2002),  its  Tivoli  division  already 
delivers  several  of  the  promises  —  on  a  limited  basis.Tivoli.the  network 
and  systems  management  (NSM)  software  arm  of  IBM,  today  delivers  net¬ 
work,  configuration,  service-level  and  security  management  software, 
which  includes  self-managing  and  self-protecting  features.  Steve 
Wojtowecz,  director  of  strategy  for  IBM  Tivoli,  says  today’s  automation 
efforts  face  the  hurdles  of  user  hesitance  and  vendor  integration  across 
heterogeneous  environments.  While  Tivoji,  with  other  vendors,  must  win 
users’  trust  in  automated  offerings,  software  and  hardware  makers  also 
must  improve  integration  among  their  tools,  either  through  standards 
work  or  partnerships,  Wojtowecz  says. 

“It  would  be  ideal  to  manage  and  automate  cross-vendor  technologies 
for  the  sake  of  the  customers,”  he  says. 

Not  far  behind  IBM  is  rival  HPAlso  a  hardware  and  software  behemoth, 
HP  made  news  with  its  Utility  Data  Center  software  announced  in  fall 
2001  and  its  Adaptive  Management  Platform  road  map  from  its  Open  View 
software  division. The  product  strategy,  sounding  much  like  IBM’s  auto- 
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nomic  computing,  promises  intelligent  hardware  and 
automated  software  that  can  ensure  applications  meet 
service  levels, and  free  IT  staff  from  constantly  monitoring 
and  reacting  to  network  performance  problems. 

Jim  Grant,  Open  Views  general  manager, says  the  current 
stream  of  automation  features  in  HP’s  management  tools 
fall  under  the  umbrella  of  service  management.  This 
moves  todays  automation  away  from  past  efforts  that 
focused  on  gee-whiz  technology,  such  as  automatically 
monitoring  static  devices  that  don’t  support  customers  or 
end  users. 

Grant  says  corporate  users  need  to  target  their  automa¬ 
tion  efforts  at  the  customer-facing  services, and  the  ele¬ 
ments  that  support  those  services.  HP  software  can  help 
clients  identify, configure  and  automate  the  support  of  the 
12  most-important  applications  to  a  client’s  line  of 
business,  he  says. 

“Automation  today  can  help  enterprises  translate  busi¬ 
ness  language  into  technology  language  and  cross 


over  the  Tower  of  Babel  that  perhaps  limited  the  poten¬ 
tial  of  the  tools  in  the  past,”  Grant  says. 

Top  software  NSM  competitors  BMC  Software  and  CA 
could  fall  significantly  behind  IBM  and  HP  because  they 
lack  a  hardware  element  in  their  product  portfolios. 

“The  hardware  companies,  such  as  IBM  and  HP  have 
approaches  to  drive  down  the  monitoring  and  manage¬ 
ment  information  into  the  hardware  environment,”  says 
Rich  Ptak,  president  of  Ptak  and  Associates.  “CA  seemed 
to  dismiss  this  idea  last  year,saying  it  was  years  away  from 
reality,  and  it  made  a  serious  error!’ 

For  CAs  part,  the  company  says  it  succeeds  against  its 
hardware-driven  competitors  with  software  that  can  man¬ 
age  and  automate  across  third-party  gear  and  applica¬ 
tions  to  provide  agnostic  management  options  for  het¬ 
erogeneous  enterprise  networks.  But  server  giant  Sun,  an 
unlikely  player  in  the  management  market, might  provide 
the  gear  on  which  CA  and  BMC  can  hone  their  wares,  in¬ 
dustry  experts  say. 

Sun,  with  its  N1  initiative,  might  be  avoiding  the  typical 
management  jargon  in  its  pitches,  but  the  company  can’t 
deny  it’s  looking  to  sell  self-monitoring  services  as  part  of 
its  N1  open  architecture.  The  first  phase  of  Sun’s  staged 
approach  involves  server,  storage  and  network  virtualiza¬ 
tion  to  enable  quick  and  cost-effective  management. 

Sun  has  partnered  with  BMC,  which  developed  a  version 
of  its  flagship  Patrol  software  to  automate  management 
across  Sun  servers;  and  acquired  Terraspring,  a  start-up 
with  products  that  can  automate  server  configuration  and 
dynamically  reallocate  resources  across  data  centers. Yet 
Ptak  sees  Sun  as  a  distant  third  to  IBM  and  HP  in  knowl¬ 
edge  and  experience  in  the  network  management  realm. 
“Sun  fails  to  link  its ‘technology  vision’ to  a  convincing 
chain  of  events  and  products  that  demonstrate  the  superi¬ 
ority  of  its  vision  over  IBM's  or  even  HP’s,”  he  says. 

Other  large  well-known  companies  to  watch  in  the  auto¬ 


mated  management  space  are  Veritas  and  Microsoft. 

Veritas  closed  2002  by  announcing  it  would  acquire 
server  provisioning  software  vendor  Jareva  Technologies 
and  application  performance  management  software 
maker  Precise  Software.  While  Veritas  didn't  indicate  it 
would  expand  from  storage  to  a  broader  automated  man¬ 
agement  approach,  Ptak  says  a  company  with  that  kind  of 
cash  could  make  its  mark  in  management. 

It  has  the  potential  to  be  a  disruptive  influence  if  it  does 
go  that  way’  he  says. 

The  same  goes  for  Microsoft. 

“Management  vendors  should  at  least  be  thinking, 
'What  is  Microsoft  going  to  do?”’  says  Jean-Pierre 
Garbani,  a  director  with  Giga  Information  Group.  He 
points  to  Microsoft’s  success  with  its  Microsoft 
Operation  Manager  (MOM)  software.  He  says  Microsoft 
could  look  to  improve  upon  the  tool  to  address  auto¬ 
mated  data  center  management.  “The 
company  did  not  show  up  on  the 
management  map  at  all, 
and  then  two  years  ago,  it 
comes  out  with  MOM  and 
makes  $300  million.” 

Smart  start-ups 

New  companies  not  intim¬ 
idated  by  going  up  against 
the  industry  giants  emerged 
last  yearVieo,  Relicore,Troux 
and  Appilog. These  compa¬ 
nies  share  the  same  philoso¬ 
phy  that  successful  man¬ 
agement  must  attack  the 
problem  from  the  top  down. 

Until  now,  most  tools 
attempted  to  manage  busi¬ 
ness  services  by  monitoring 
the  infrastructure  devices 
that  support  them,  then  working  their  way  up. Tools  sep¬ 
arately  manage  network  devices  such  as  switches  and 
routers,  and  systems  such  as  operating  systems  and 
servers.Then  they  correlate  this  information  to  determine 
application  performance  and  quality  of  service.  These 
start-ups  propose  to  redefine  the  applications,  underly¬ 
ing  networks  and  back-end  systems  as  components  that 
support  the  service,  thereby  managing  the  whole  vs.  its 
parts.  (See  related  story  at  www.nwfusion.com, 
DocFinder:  3831.) 

Vieo,for  instance, is  noteworthy  because  it  will  use  hard¬ 
ware  to  reroute  application  traffic  automatically  and  im¬ 
prove  the  delivery  of  business  services. 

“Clearly  a  cultural  problem  has  to  be  overcome. The 
focus  has  to  move  off  the  network  and  storage  and  server 
resources  and  focus  entirely  on  supporting  the  applica¬ 
tion  that  supports  the  business,”  CEO  Robert  Fabbio  says. 

Vieo’s  Adaptive  Application  Infrastructure  Management 
(AAIM)  appliance  —  expected  to  ship  in  the  middle  of 
this  year  —  is  a  Layer  2  switch  that  will  initially  manage 
hosts  running  Web,  application  and  database  servers. 
AAIM  will  watch  traffic  looking  for  application  abnor¬ 
malities  compared  with  predefined  policies  that,  for 
example, say  that  traffic  from  an  online  ordering  applica¬ 
tion  gets  priority  over  an  MPEG  file  being  downloaded  to 
a  user’s  desktop.  Because  AAIM  is  a  switch,  it  can  auto¬ 
matically  redirect  and  reprioritize  application  traffic  or 
reallocate  network  resources  as  needed. 

Fabbio’s  concept  that  hardware  can  better  automate 
than  software  might  prove  successful. Cisco  also  builds  in¬ 
telligence  into  its  hardware  to  enable  management, 
among  other  things,  across  the  infrastructure.  Dubbed  the 
programmable  network  layer,  Cisco  says  the  switches, 
routers  and  hubs  include  automated  management  fea¬ 
tures  users  can  launch.  (See  story,  page  6.) 

Garbani  says  newcomers  such  as  Appilog,  Relicore  and 


Troux  also  give  the  application  top  billing  in  their  man¬ 
agement  approaches.The  evolution  of  network  discovery 
has  evolved  alongside  automation,  he  says,  from  IP  dis¬ 
covery'  to  Layer  2  discovery'  to  today’s  forays  into  applica¬ 
tion  discovery 

“By  discovering  the  application  on  the  network, you  can 
now  look  at  all  the  components  of  the  application  and 
understand  how  they  interrelate,”  Garbani  says.  The  rela¬ 
tionships  between  components  can  deliver  a  more 
accurate  picture  of  where  performance  problems  could 
crop  up.  Automatically  discovering  them  would  prevent 
network  managers  from  pouring  through  event  logs  from 
multiple  network  devices. 

Man  vs.  machine 

Markel’s  Wilson  this  year  slowly  will  unlock  and  deploy 
more  automation  features.  He  says  he  knows  the  technol¬ 
ogy  can  help  him  make  the  network  more  efficient  and 
let  him  direct  his  attention  toward  aligning  the  IT  infra¬ 
structure  with  Market’s  line  of  business  —  rather  than 
chasing  down  problems. 

“We’re  only  at  20%  automation  now,  but  we’ll  move  our 
efforts  closer  to  that  ultimate  goal  of  completely  auto¬ 
mating  management  further  in  2003, ’’Wilson  says. While 
he  wants  to  use  the  technology  to  his  advantage, Wilson 
says  automation  is  not  a  cure-all  that  will  replace 
human  expertise. 

“When  the  automation  fails,  because  it  will,  IT  experts 
will  be  needed  because  there  is  nothing  more  powerful 
than  the  human  brain  when  it  comes  to  IT’Wilson  adds. 

Chris  Utter,  information  services  and  technologies  pro¬ 
ject  leader  at  cosmetics  giant  Mary  Kay  in  Dallas,  agrees 
that  automation  can’t  do  it  all. 

“The  theory  that  the  current  automated  management 
software  can  learn  to  respond  to  every  scenario  is  naive,” 
Utter  says. 

Utter  uses  eight  software  tools  to  manage  across  net¬ 
works,  systems,  applications  and  storage  resources.  Most 
recently  he  installed  Micromuse’s  Netcool/Omnibus  man¬ 
agement  software,  which  automatically  delivers  a  central¬ 
ized,  enterprise  view  of  all  the  monitoring  and  alerting 
aspects  of  management  in  Mary  Kay’s  network.  He  says 
the  idea  of  advanced  automation  features  is  exciting  and 
could  represent  significant  cost  efficiencies  for  his  orga¬ 
nization,  but  he  doesn’t  believe  automation  will  replace 
human  intelligence  and  IT  expertise. 

“The  personless  network  operations  center  is  about  as 
plausible  as  the  paperless  office,”  he  says.“The  idea  can 
actually  be  detrimental  to  process  improvement.” 

Still  to  come 

Vendors  still  need  to  prove  they  can  get  automation 
right  this  time,  but  have  been  making  progress. 

“2003  will  not  be  a  year  of  dramatic  revolution  for  man¬ 
agement  vendors,”  says  Corey  Ferengul,  a  program  direc¬ 
tor  with  Meta  Group.“We’re  going  to  see  a  slow  evolution 
where  these  automation  concepts, seemingly  solid  in  the¬ 
ory,  take  shape  in  real-world  tools  —  or  not.” 

Joe  Schinker  had  been  burned  by  early  automation 
tools,  but  recently  turned  to  Smarts’  InCharge  service 
assurance  software. 

“I  learned  1  had  to  be  careful  of  my  expectations  when 
vendors  started  talking  about  automation, ’’says  Schinker,  a 
network  engineer  at  West  Corp., a  call-center  provider  in 
Omaha,  Neb.  InCharge  autodiscovers  West’s  network  at  a 
preset  time  daily  and  then  automatically  updates  configu¬ 
ration  changes. 

“Now  we  get  a  heads-up  on  the  problem  before  we  hear 
from  an  end  user.  And  I’d  say  75%  to  80%  of  the  automa¬ 
tion  in  this  software  is  out-of-the-box,”  he  reports.  “If  you 
told  me  last  year  that  software  could  do  that  level  of 
automation,  1  wouldn’t  have  believed  it.” 

Some  still  won’t  —  until  today's  tools  prove  them 
wrong. ■ 
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Net  management  on  auto  pTltr^ 

Experts  advise  these  steps  before  turning  control 
over  to  the  automated  management  tool: 

Define  business  services:  Include  appli¬ 
cations  and  underlying  hardware. 

^  Set  performance  parameters:  Know  your 
expectations. 


^  Put  processes  in  place:  Ensure  tools  and  staff  follow  the  same. 
L|  Start  small:  Automate  simple  tasks  and  build  from  there. 
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Cisco  intelligent  switches  and  routers 
provide  the  industry's  most  comprehensive 


Looking  Deeper, 
Working  Smarter 


quality-of-service  features,  enabling  you  to 


An  intelligent  infrastructure  provides  end-to-end  QoS 
for  superior  performance  and  control. 


maintain  predictable  performance  levels 
and  support  delay-sensitive  IP  voice  and 


Every  business  has  its  priorities.  So  why  not  share  them  with  your  network?  When  you  run 
your  applications  over  an  intelligent  network  infrastructure,  you  can  ensure  every  data  packet 
is  handled  according  to  the  priorities  and  policies  you  set,  bringing  your  network  operations 
into  perfect  sync  with  your  business  goals. 


video  communications  across  the  LAN  and 
WAN.  Features  include: 

Classification:  Allows  the  network  to 


Cisco  intelligent  switches  and  routers  come  equipped  with  the  most  sophisticated  quality-of- 
service  features  available,  allowing  you  to  deliver  predictable,  measurable,  even  guaranteed 
levels  of  performance  across  the  LAN  and  WAN. 


distinguish  different  types  of  traffic  based 
on  the  applications  involved,  then  sort  them 
according  to  established  priorities. 


An  intelligent  infrastructure  looks  deeper  into  network  traffic,  identifying  the  users  and 
applications  behind  the  streams  of  data.  As  a  result,  it  can  classify  and  mark  packets  to  make 
sure  your  most  pressing  needs  are  met  first,  without  stranding  anyone  or  anything  else.  IP 
voice  and  video  applications,  for  example,  can  be  given  precedence  over  less  time-sensitive 
applications,  eliminating  the  delays  and  packet  loss  that  would  otherwise  get  in  the  way  of 
clear,  cost-effective  communication. 


Marking:  Flags  data  packets  to  ensure 
they  are  handled  based  on  their  relative 
importance  to  your  business  goals,  so  the 
most  critical  needs  are  met  first. 


An  intelligent  infrastructure  also  makes  more  efficient  use  of  bandwidth,  which  becomes 
particularly  important  as  applications  and  services  are  extended  across  the  WAN,  where  band¬ 
width  is  a  scarce  and  pricey  commodity.  Applying  QoS  can  significantly  improve  the  response 
times  of  your  most  demanding  applications,  without  increasing  your  company’s  bandwidth  costs. 


Policing:  Limits  traffic  flows  to  defined  rates 
so  large  files  won't  swamp  the  network  and 
degrade  application  performance  levels. 


Cisco’s  QoS  features  are  based  on  advanced  networking  protocols,  which  are  seamlessly 
integrated  with  each  other  and  the  hardware  through  Cisco  IOS®  Software,  the  operating  system 
that  unifies  all  Cisco  switches  and  routers  and  provides  most  of  the  intelligence  in  the  network. 

Cisco  management  software  lets  you  can  take  full  advantage  of  these  capabilities  without 
being  an  expert,  and  will  even  automatically  apply  best  practices  across  all  network  devices. 
These  management  tools  can  help  your  company  become  more  agile,  too,  making  it  easy  to 
adjust  to  changing  priorities.  So  easy,  in  fact,  that  policies  can  shift  according  to  time  of  day, 
accommodating  different  business  needs  and  patterns  of  network  usage. 

The  end  result  is  a  network  optimized  to  make  your  company  as  productive,  efficient,  and 
profitable  as  possible.  And  after  all,  isn’t  that  the  top  priority? 


Buffering:  Holds  low-priority  packets 
while  urgent  traffic  moves  ahead,  which 
conserves  bandwidth  by  avoiding  the  need  ) 
to  retransmit  data. 

Scheduling:  Controls  the  timely  delivery  of 
traffic  and  alleviates  congestion  so  applica¬ 
tions  can  maintain  peak  performance  levels. 

/ 


Learn  how  the  advanced  QoS  features  of  Cisco  switches  and  routers 
can  deliver  a  greater  return  on  your  investments  in  technology. 
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team  hired  back,  your  budget  increased 


v  x 


he  heat  really  is  starting  to  get  to  you. They  told  you  things 
would  be  better  by  2003,  your  job  would  be  more  secure,  your 


They  lied. 

You  check  your  options.  You  can’t  jump  from  the  sinking  ship  to  the 
lifeboat  because  you’re  already  in  it.  But  wait  —  you  remember  that  intel¬ 
ligence  is  not  a  miracle:  Chance  favors  the  prepared  mind.  No  matter  what 
we  sell  today,  information  needs  to  flow,  and  it  flows  through  network 
services.  Luckily,  vendors  have  been  improving  the  quality  of  net¬ 
works  for  some  time.You  can  prepare  your  network  to  become 
more  resilient  with  products  available  today. 

We  are  closer  to  the  goal  of  the  “lights-out”  data  cen¬ 
ter  based  on  interoperability  and  open  systems 
than  we’ve  ever  been.The  lights-out  data  center 
■  our  industry’s  Holy  Grail  —  runs  with  no 
human  intervention,  taking  care  of  its 
own  troubles  through  so-called  self- 
healing  automatic  repair. 

While  you’ll  want  to  stick  with 
proven  products,  you  won’t  get 
much  of  a  competitive  edge 
by  rolling  out  the  identical 
network  configuration  as 
the  rest  of  your  industry 
Make  time  to  listen  to 
vendors  espousing  more 
theoretical,  strategic  ap¬ 
proaches.  Vendors  such 
as  Sun  certainly  are  aim¬ 
ing  high  when  it  comes  to 
plans  for  virtualizing 
computing,  networking 
and  storage.  But,  today’s 
pie-in-the-sky  strategy  is 
tomorrows  shippable  prod¬ 
ucts.  Network  executives’ 


TlHE  EVOLUTION  OF 

resiliency 

An  industry  insider  gives  his  take  on  the  latest  push  for  resiliency,  and  ■ 
sorts  through  vendor  strategies  for  creating  self-managing  networks. 


BY  GLENN  GABRIEL  BEN-YOSEF 


Today,  if  I'm  lucky. 


I'll  be  totally  ignored. 


That  means  systems  are  humming 


and  data  is  flowing. 


If  not,  I  have  to  fix  it. 


Keep  bad  things  from  reaching  users  and  you'll  get  noticed  for  all  the  good  you  do.  One  way  is  to  use  an  L5500  automated  tape 
library  with  Tape  Mirroring  software  for  foolproof  backup  and  restore.  Or  a  D280  disk  system  with  Remote  Volume  Mirroring 
software  so  systems  rebound  fast.  Whatever  your  solution,  we'll  make  sure  you  only  get  noticed  when  you  want.  Learn  more 
about  this  story  and  other  ways  we  can  help  you  at  www.savetheday.com  STORAC ETE K  Save  the  Day.™ 


The  Magic  Genie  Lamp 

was  celebrated  in  server 
rooms.  With  one  rub,  the 
owner’s  manual  read,  the  genie  would 
grant  added  capacity.  With  another,  he  would 
reduce  the  added  capacity  With  a  third  wish, 
servers  would  instandy  be  self-healing.  All  in  the 
blink  of  an  eye.  It  was  a  lifesaver.  A  cost  saver.  IT  directors 
were  giddy.  They  could  handle  spikes.  Their  servers  would  never 
crash.  They’d  run  at  peak  performance.  It  was  beyond  belief.  Way  beyond 
belief:  the  Magic  Genie  Lamp  was  still  in  beta  testing  and  never  actually  worked. 

AND  THAT’S  WHEN  THEY  CALLED  IBM. 


The  Magic  Genie  Lamp. 
Turn  on  power, 
turn  off  headaches. 


Introducing  the  next  generation  of  the  IBM  (©server  iSeries"  with  select  models 
featuring  on/off  capacity  on  demand.  Need  more  capacity?  Turn  it  on.  The  processors 
are  already  installed.  Spike  over?  Ratchet  back  down.  On  demand.  You  pay  for  the 


processors  you  activate.  All  in  an  environment  that  supports 
Linuxf  Windows®  and  OS/400."  Besides  self-managing  capabilities, 


® 


the  iSeries  can  be  preloaded  and  integrated  with  IBM  WebSphere 


software.  For  your  copy  of  “Why  i:  The  Next  Generation  of  iSeries  IBM  (©server  iSeries. 

Real  magic. 

For  the  real  world. 

Systems  in  the  On  Demand  Era,’  visit  ibm.com/eserver/genie 


IBM.  the  e-business  logo,  eServer,  iSeries,  OS/400,  WebSphere  and  e-business  on  demand  are  trademarks  or  registered  trademarks  ot  International  Business  Machines  Corporation  in  the  United  States 
and/or  other  countries.  Linux  is  a  registered  trademark  ot  Linus  Torvalds  Windows  is  a  trademark  of  Microsoft  Corporation  in  the  United  States,  other  countries,  or  both.  Other  company,  product 

and  servce  names  may  be  trademarks  or  service  marks  of  others.  ©2003  IBM  Corporation.  All  rights  reserved. 


MAGIC  GENIE  LAMP 

IBM  (©server  iSeries 

Three  wishes. 

At  your  command. 

On/off  capacity. 

On  demand. 

Operates  with  oil 
and  hand  rubbing. 

Operates  with  Windows, 
Linux  and  OS/400. 

Brass-based. 

Copper-based. 

Mysterious  and  powerful. 

Simple  and  powerful. 

Imaginary  capabilities. 

Self-managing  capabilities. 

Not  available. 

Available  through  IBM  and 
IBM  Business  Partners. 

—  — 

: _ 

(e)  business  on  demand 


*■*•-■*•  %-‘"Was  f 


-■ 


89q2°9x*8  1/3  ■'■?■■■> 

W*  °B*A  /•,*+  *SJ*U»  °VJ-»A 


1 


www.nviffusion.com/supp/intell/2003/  02.24.03  A  Network  World  Editorial  Supplement 


•  *  -  79  L/3  ’  9  ‘  '*r~T 

C”  1/6iq8?Oq4i 


TVT*7*  n  O  ioah  Oo  q7*»  nqOq4  .5  q74  07^  0*3  .74  2.p8^6  Ol/aw^q^iVT^vl&TC^QflA^  a*i  (T  (aS 


challenge  is  to  balance  market  realities  against  vendor  strate¬ 
gies  for  creating  competitive,  resilient  infrastructures. 

Cisco  s  resiliency  plan 

Problems  with  information  flow  can  basically  occur  in  two 
places:  in  the  device  and  in  the  network  that  connects  devices. 
Both  places  are  logical  spots  to  improve  resiliency. 

Boosting  the  resiliency  of  the  hardware  and  software  in  switch¬ 
es,  routers  and  other  network  devices  is  relatively  simple.The  tech¬ 
niques  we  previously  used  to  keep  our  infrastructures  humming 
included  keeping  an  off-site  inventory  of  spare  parts,  maintaining 
redundant  chassis,  keeping  on-site  hot-swappable  components 
and  redundant  cold/warm  failover  components.  Cold  failover 
components  were  “connected  and  configured”  but  not  yet  booted- 
up  with  software.  Warm  failover  components  were  “prebooted.” 

We  now  have  newer,  more  intelligent  techniques  such  as  load 
balancing,  hot  failover  components,  and  software  logic  and 
state  information  to  keep  things  running  smoothly. 

In  the  network,  we  look  to  topology  and  protocol.  We  used  to 
have  more  network  choices  such  as  thick  and  thin  coax,  Ether¬ 
net,  Token  Ring,  ARCnet  and  FDD1.  Today  we  can  expect  dual 
homing,  fiber  and  IF?  Category  5  copper  and  Ethernet,  and 
802.1  lb. WANs  still  have  SONET, ATM  and  frame  relay. While  little 
can  be  done  about  inherent  network-protocol  issues,  multiple 
data  paths  will  increase  reliability. 

But  resiliency  is  more  than  simply  fixing  what  goes  down.lt  is  the 
ability  to  bounce  back  into  shape  or  position,  to  recover  strength 
after  being  stretched,  bent  or  compressed.  These  attributes  are 
exactly  what  Cisco  says  it  hopes  to  provide  for  IP-based  networks. 

Cisco’s  Globally  Resilient  IP  (GRIP)  is  an  example  of  one  ven¬ 
dors  effort  at  increasing  availability  regardless  of  the  type  of  net¬ 
work  architecture.“The  whole  idea  is  to  give  people  a  consistent 
end-to-end  IP  service  experience,” says  Charles  Goldberg, a  prod¬ 
uct  manager  in  the  Internet  Technologies  Division  at  Cisco.“We 
do  this  by  just  offering  a  software  upgrade  and  not  requiring 
anyone  to  change  hardware.” 

GRIRan  IOS  technology, addresses  resiliency  in  four  areas:  the 
link  layer  (frame,  PPP  and  ATM  connections),  routing,  Multi¬ 
protocol  Label  Switching  and  IP  services  (ensuring  gateway 
router  availability). 


Vendors  are  pitching  new  tools  and  techniques  for  improving  resiliency  at  each 
of  the  three  major  infrastructure  layers  —  services,  software  and  hardware. 


Where  resiliency  resides  I  Technology  What  it  does  How  you  benefit 

Sun’s  Nl,  Lifts  business  process 

IBM’s  Blue  off  infrastructure. 

Typhoon 

Cisco’s  Maintains  Layer  2  con- 

Globally  nections  during  route 

Resilient  IP  processor  failover. 

Hardware  Redundant  Provides  continuous  Mitigates  risk 

components,  service  during  equip-  over  carrier 

dual-homing  ment  and  carrier  failures,  networks. 

SOURCE  CLEAR  THINKING  RESEARCH 


Services 


Software 


Process 

virtualization. 

Uninterrupted 
user  experience. 


Stateful  Switchover  (SSO)  is  a  feature  of  the  Resilient  Link 
Layer  component  of  GRIPThe  “stateful”  part  of  SSO  means  that 
should  a  route  processor  fail,  Layer  2  state  information  will  be 
maintained  with  the  standby  route  processor. The  benefit  is  that 
no  ATM,  frame  relay,  PPRHigh-Level  Data  Link  Control  or  other 
Layer  2  connections  are  lost.  The  router  will  continue  forward¬ 
ing  packets  on  the  last  known  route.Then,once  route  table  con¬ 
vergence  is  completed  with  the  latest  topology,  the  forwarding 
tables  are  updated. 

Cisco  routers  don't  maintain  state  for  TCP  session  numbers, 


Ciscos  Globally  Resilient  IP 

In  an  attempt  at  end-to-end  network  resilience,  Cisco  has 
distributed  the  features  that  comprise  its  GRIP  IOS  technology 
among  various  types  of  routers. 


Enterprise  Enterprise  Service  provider 

backbone  premises  aggregation  edge  Service  provider  core 


•  Multicast  •  Gateway  Load 
Subsecond  Balancing  Protocol. 
Convergence.  .  stateful  NAT. 

•  Stateful  IPSec. 


•  Cisco  Nonstop  •  MPLS  Fast  Reroute 
Forwarding  —  Node  protection, 
with  Stateful 
Switchover. 


SOURCE:  CISCO 


and  Border  Gateway  Protocol  (BGP)  uses  TCPTherefore,  in  the 
event  of  a  route  processor  failure,  BGP  must  reconverge.  Non¬ 
stop  Forwarding  (NSF)  is  Layer  3  technology  that  forwards 
packets  while  the  existing  Layer  2  connections  are  handed  off  to 
the  new  route  processor  during  SSO. 

NSF  SSO  is  available  in  the  three  major  Cisco  router  hardware 
platforms  that  can  support  two  route  processors:  the  7500, 10000 
and  12000.  The  benefit  of  these  combined  Layer  2  and  Layer  3 
features  is  that  the  time  to  switchover  from  the  failed  route  pro¬ 
cessor  to  the  standby  route  processor  is  reduced  from  about  30 
seconds  to  a  high  of  6  seconds  on  the  7500  to  a  low  of  zero  sec¬ 
onds  on  the  12000,  according  to  tests  conducted  by  indepen¬ 
dent  lab  Miercom  on  Cisco’s  behalf.  By  running  NSF  SSO  on 
your  edge  router,  you  probably  won’t  experience  much  of  a 
change  in  your  next-hop  router, so  forwarding  on  the  last  known 
routes  won’t  likely  cause  problems. 

Cisco  maintains  what  it  calls  “minimal  and  necessary  state” 
information  between  the  active  and  the  standby  route  processor 
so  that  customers  can  run  NSF  SSO  on  older  platforms  such  as 
the  7500,  which  has  been  in  the  market  for  about  nine  years  with 
an  installed  base  of  about  130,000  units.  That  state  information 
lets  the  standby  route  processor  know  which  interfaces  relate  to 
which  management  interfaces.  Other  information,  such  as  Open 
Shortest  Path  First  or  BGP  routing  tables,  is  not  maintained,  be¬ 
cause  Cisco  says  re-creating  that  information  can  be  done  before 
users  know  a  stateful  switchover  occurred  in  their  router  or 
neighboring  router.  Stateful  network  address  translation  (NAT) 
maintains  state  for  an  internal  IP  addressing  scheme.  Features 
currently  shipping  include  Nonstop  Forwarding,  Stateful  Switch¬ 
over,  MPLS  Fast  Reroute  —  Node  Protection,  Multicast  Sub- 
Second  Convergence,  IP  Event  Dampening,  BGP  Convergence 
Optimization  and  Stateful  NAT.  Cisco  ex¬ 
pects  Gateway  Load  Balancing  Protocol,  4  '  U  S  '  0  $ 
Incremental  SPF  Optimization  and 
Stateful  IPSec  to  ship  in  the  first  quar¬ 
ter  of  this  year. 

GRIP  interoperability  with  other 
vendors’  network  gear  is  a  ques¬ 
tion. The  issue  surrounds  what  state 
information  is  maintained  and 
what  is  re-created.  Maintaining 
more  state  information  increases 
resiliency, but  is  more  difficult  to  do. 

Re-creating  state  is  slower  but  relies 
completely  on  industry  standards. 

Juniper,  Procket  Networks  and 


More  online! 

Storage,  security,  data  centers.  Join 
our  editors  and  other  experts  as  they 
explore  these  topics  in  or  IT  seminars. 
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HOT-SWAPPABLE  REDUNDANT 


ASIC-BASED  JETSCDPE/sFLDW 


MDNITDRING/AN  ALYSIS 


IRONWARE™  software 


MAC-LAYER  PORT  LOCKING 


Fastlron  Edge  Switches  let  you  do  more  with  less.  Compact  form.  Immense  capabilities, 
Fastlron  Edge  Stackable*  pack  more  power  into  your  wiring  closet  than  any  other  switch.  They  give  you 
tunable  functionality,  configurable  security, and  simplified  management.  The  96-port  model  has  twice 
the  port  density  of  the  nearest  competitor.  With  a  common  user  interface,  standard-based  network 
management  support,  redundant  and  hot-swappable  power  supplies,  and  a  common  software  suite,  the 
Fastlron  Edge  switches  give  you  the  lowest  total  cost  of  ownership  and  the  highest  investment  value  of 
all  the  major  switches.  ( let  a  competitive  edge — get  a  Fastlron  Edge  Switch.  Call  1.888.TURBOLAN 
(887-2652)  or  www.toundrvnetworks.com/fes. 


The  Power  of  Performance 
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Redback  Networks  are  working  with 
Cisco  via  the  Internet  Engineering  Task 
Force  (IETF)  to  implement  some  protocol 
changes  that  will  enable  restarting  the 
TCP  connections  to  BGP  and  then  re-cre¬ 
ating  state,  a  promising  compromise. 
Cisco  says  the  IETF  work  is  in  the  pre¬ 


request  for  comment  stage. Still, Cisco  has 
a  history  of  introducing  modifications  to 
protocols,  a  tactic  it  might  have  to  down¬ 
play  should  the  market  demand  strict 
vendor  interoperability.  Vendors  such  as 
Alcatel  and  Avici  say  they  hope  to  main¬ 
tain  all  state  information  —  including  TCP 


session  numbers  —  without  protocol 
modifications,  which  is  cleaner  from  an 
interoperability  standpoint,  but  more  diffi¬ 
cult  to  pull  off. 

Virtualizing  IT  resources:  Sun  s  N1 

While  Cisco  has  been  busy  increasing 


the  router’s  resiliency.  Sun  wants  to  make 
the  network  invisible.  Spelled  out  in  its  N1 
strategy  Suns  idea  is  to  divorce  the  tool 
from  the  task  by  lifting  application,  file, 
print  and  other  business  services  off  the 
underlying  hardware  computing  and  con¬ 
nectivity  platforms, such  as  servers  and  net¬ 
works,  as  much  as  possible. 

This  smashes  the  notion  of  platform 
specialization  and  frees  developers  to 
code  “conceptually”  to  business  ser¬ 
vices.  This  vision  of  the  virtualization  of 
IT  resources  is  attractive,  but  the  climate 
might  not  yet  be  right  for  such  a  massive 
paradigm  shift. 

Sources  close  to  the  company  say  Suns 
steadfast  commitment  to  N1  most  likely 
stems  from  the  “identity  crisis”  the  com¬ 
pany  faces  as  it  attempts  to  reinvent  itself 
and  live  up  to  its  reputation  as  an  industry 
thought-leader.  While  Sun  shook  up  the  in¬ 
dustry  with  the  invention  of  Java,  the  ven¬ 
dor  didn’t  execute  its  own  Java  plans  well 
and  the  technology  ended  up  benefiting 
other  companies  more  than  Sun. 

The  N 1  vision  is  an  extension  of  the  idea 
of  the  “network  is  the  computer?  a  phrase 
Sun  CEO  Scott  McNealy  coined  years  ago. 
The  goal  is  to  provide  elastic  resources  that 
support  business  processes.  But  customers 
will  derive  real  value  from  the  N1  plan  only 
when  they  can  virtualize  storage  and  net¬ 
work  assets  along  with  server  assets.  While 
Sun  might  have  been  successful  in  virtual¬ 
izing  what  it  already  had  on  the  server 
side,  customers  aren’t  convinced  the  ven¬ 
dor  can  make  the  necessary  multivendor 
alliances  for  market  success  in  those  other 
two  areas.  Nor  does  Sun  have  the  presence 
to  create  a  critical  mass  of  customers  in 
storage  and  network  gear  by  itself. 

Sun’s  vision  is  exciting,  even  if  its  execu¬ 
tion  is  questionable.  Still,  like  Java,  imple¬ 
mentation  of  the  vision  could  come  from 
another  vendor.  IBM  has  a  strategy  similar 
to  Sun’s  Nl.With  a  newfound  strong  pres¬ 
ence  in  services  and  Utility  Management 
Infrastructure  initiatives  such  as  Blue 
Typhoon  (that  hopes  to  ease  virtualiza¬ 
tion  management),  IBM  could  be  that 
vendor.  In  this  highly  competitive  market, 
the  IBM  edge  is  not  as  much  in  its  tech¬ 
nology  as  it  is  in  its  customer  base. With  so 
much  of  its  revenue  coming  from  midsize 
and  large  companies,  IBM  could  start 
billing  on  a  utility  model,  which  would 
easily  lead  to  virtualization  and  provide  a 
real  market  for  Sun’s  vision. 

More  with  less 

The  lagging  economy  means  fewer  IT 
initiatives  might  be  funded.  But  more  is 
riding  on  them  as  business  remains  as 
competitive  as  ever. 

You  need  to  establish  what  IT  service 
level  is  reasonable  for  your  industry  then 
set  a  course  to  attain  and  sustain  that 
level.  Fortunately,  vendors  are  stepping  up 
with  products  and  services  that  help  you 
do  just  that. 

Ben-Yosef  is  principal  analyst  at  Clear 
Thinking  Research  in  Boston.  He  can  be 
reached  at  ggb@cthinking. 
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Control  2  to  512  PCs  or  servers  from  a  single  keyboard, 

monitor  and  mouse  console  with  Tripp  Lite  KVM  Switches! 


Take  TOTAL  CONTROL  with 
Tripp  Lite  KVM  Switches!  Not 
only  will  you  be  able  to  manage 
every  computer  on  your  network, 
you'll  also  SAVE  VALUABLE 
TIME,  MONEY  AND  SPACE. 
Save  hundreds  of  dollars  per  port 
in  hardware  and  electricity  costs, 
eliminate  unnecessary  clutter, 
and  improve  productivity  by 
avoiding  unnecessary  movement 
between  consoles. 


Tripp  Lite's  8-port  rackmount  KVM  Switch  is  full-featured 
yet  economically  priced. 

•  All  metal  housing — occupies  only  1U  of  rack  space 

•  Simple  "plug-and-play"  setup  requires  no  software  configuration 

•  "Always-on"  technology  eliminates  need  for  external  power  source 

•  Individual  port  selection  buttons  allow  for  faster  CPU  selection 
without  scrolling 

•  On-screen  display  provides  simplified  menu-driven  management 

•  Compatible  with  PS/2,  AT*,  USB*,  Mac*  or  SUN*  systems 

•  Desktop  models  also  available 

•  When  used  with  optional  adapters,  sold  separately. 


FREE  4-Port  KVM  Switch! 


Register  online  for  a  chance 
to  win  a  FREE  4-port  KVM  Switch. 

Register  Today!  Visit  www.tripplite.com/promo/nww 

No  purchase  necessary.  Some  restrictions  apply.  Visit  our  Web  site  for  details. 


Tripp  Lite  is  your  single  source  for 
pou  er  protection  anil  connectivity  products. 


TRIPPLITE 


www.tripplite.com 

1111  W.  35th  Street,  Chicago,  IL  60609  (773)  869-1234 
PC  Magazine  Editors  Choice  Award  Logo  is  a  trademark  of  Zrft  Davis  Publishing  Holdings  Inc.  Used  under  license. 
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Many  IBM,  HP  and  Sun  servers  are  already  so  intelligent 
they  can  diagnose,  manage  and  heal  themselves  —  yet 
vendors  promise  even  more  automation. 

BY  MARY  RYAN-GARCIA 


erver,  heal  thyself”  is  the  latest  mantra  of  major  hardware  ven¬ 
dors  offering  the  promise  of  streamlined  IT  operations  through  Lazarus- 
like  “miraculous”  technology.  IBM  is  pitching  its  autonomic  computing 
vision  to  all  who  will  listen.  HP  and  Sun  are  following  suit  with  their  own 
variations  on  utilitarian  computing:  HP  with  its  utility  data  center  (U  DC) 
and  Sun  with  its  wide-reaching  N1  initiative  (see  related  story,  page  6).  All 
three  approaches  are  similar:  Create  servers,  software  and  related  tech¬ 
nologies  that  can  heal  themselves  while  interacting  intelligently  with 
other  networked  devices.  The  result  is  a  wiser,  more  scalable  and  cost- 
effective  IT  environment. 


“heartbeats”  that  upstream  servers  use  to  verify  the  operational  sta¬ 
tus  of  specific  server  systems,  and  it  monitors  for  security  events 
across  the  IT  infrastructure  anti  then  automates  security  incident 
analysis.  Risk  Manager  uses  algorithms  to  correlate  security  alerts 
and  identify  threats  to  server  systems  and  data,  and  then  it  con¬ 
duct  automated  responses  such  as  server  reconfiguration,  security 


The  time  is  ripe  for  such  IT  wisdom,  at  least  on  the  server  front. 
According  to  Forrester  Research,  Global  3500  firms  report  server 
utilization  at  60%  —  meaning  $20  billion  in  new  servers  was 
wasted  last  year. 

Moreover,  the  tough  economy  has  forced  companies  to  squeak  out 
efficiencies  everywhere,  a  reality  vendors  say  they  are  attempting 
to  address.  The  theory  goes  that  by  making  devices  more  self-suf¬ 
ficient,  expensive  man-hours  can  be  recaptured  from  time-con¬ 
suming,  mundane  management  functions,  lake  IBM’s  recent  auto¬ 
nomic  computing  initiative,  a  companywide,  $10  billion  invdst-1? 
ment  in  hardware,  software,  services,  and  research  and  develd)f)-20 
ment  that  many  say  places  Big  Blue  on  the  forefront  of  the  ani¬ 
mation  movement.  l- 

IBM  folded  its  Project  eLiza  self-healing  Server  initiative  into  its 
larger,  autonomic  computing  scheme  and, will  offer  autonomic  func¬ 
tions  for  the  eServer  line,  including  the  Intel  processor-based 
xSeries,  midrange  iSeries  and  Unix  pSerieiy servers.  The  company 
also  offers  autonomic  features  for  the  zSeries  mainframe  servers. 

IBM’s  eServer  products  are  self-configuring^  in  ,that  hardware 
subsystems  and  resources  can  configure  and,  reconfigure  auton¬ 
omously  at  boot  time  and  during  run  time,' according  to  IBM.  Self¬ 
configuring  servers  also  add  or  remove  hardware  in  response  to 
commands  from  administrators  or  hardwar{?;,fesource  manage¬ 
ment  software.  7CC 

Further,  IBM’s  eServer  series  is  self-healing,  meaning  instant  detec¬ 
tion  of  hardware  or  firmware  faults  and  prompt  recovery  from  them 
without 


j,3  "Self-healing 
features  for  NT 
>  process  fail- 
~  ures  can  be 
managed  auto¬ 
matically  by 
the  system  vs. 
t‘  by  a  body." 

Ronda  Kiser,  a  senior 
IT  manager,  Whirlpool 
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compromising  the  operating  system  and  user-level  work¬ 
loads.  IBM  promises.  Self-optimizing  features  autonomously  measure 
performance  and  resource  usage,  adjusting  configuration  accord¬ 
ingly.  Self-protecting  features  enable  the  servers  to  guard  against 
internal  and  external  threats  to  systems  and  applications  integrity. 

In  addition,  IBM  is  rolling  out  new  features  for  its  flagship  Tivoli 
network  management  software  that  automate  tasks  across  network 
systems  including  servers.  Tivoli  Risk  Manager  produces  periodic 
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patch  deployment  and  account  revocation. 

In  all,  IBM  in  October  laid  out  plans  for  boosting  its  systems  management  portfolio 
with  26  autonomic-related  offerings,  including  new  identity  and  storage  resource 
management  software.  IBM’s  Storage  Systems  Group  also  announced  autonomic  fea¬ 
tures  for  its  Enterprise  Storage  Server,  named  Shark.  A  few  products  already  are  avail¬ 
able  with  autonomic  features,  but  most  will  be  upgraded  over  the  next  year  or  more. 

Using  is  believing 

Whirlpool  already  reaps  the  benefits  of  the  autonomic  trend  on  technical  and 
strategic  fronts,  says  Ronda  Kiser,  Whirlpool’s  senior  manager  of  Midrange  &  Dis¬ 
tributed  Operations  Services  for  the  company’s  IT  division,  in  Benton  Harbor,  Mich. 

“The  ability  to  automatically ‘detect  and  fix’ a  problem  at  Whirlpool  can  reduce 
the  amount  of  time  a  physical  body  spends  checking  logs  and  digging  through 
the  infrastructure,”  Kiser  says.The  system  will  do  it  for  us.This  should  reduce  out¬ 
ages,  and  increase  availability  and  human  productivity  —  a  win-win  solution.” 

The  $10  billion  appliance  manufacturer  recently  began  using  supply-chain  man¬ 
agement  software  from  i2  Technologies  on  two  pSeries  Unix  servers.This  software- 
autonomic  server  combination  has  been  instrumental  in  easing  management  of 
Whirlpool’s  supply  chain,  Kiser  says. 

Whirlpool  is  a  solid  IBM  shop,  running  about  500  servers  from  the  Netfinity  and 
RS/6000  lines  and  a  smattering  of  pSeries  Unix  servers,  including  the  autonomic 
660,680  and  690.  Other  than  the  i2  supply-chain  software,  Whirlpool  runs  enter¬ 
prise  application  software  from  SAP  and  Siebel  Systems.lt  relies  on  IBM/Tivoli  sys¬ 
tems  management  tools. 

Whirlpool  also  has  started  taking  advantage  of  the  IBM  xSeries  Intel  processor- 
based  autonomic  servers.  The  company  has  more  than  300  of  these  Windows  NT 
servers  running  IBM  Director  3.1,  which  gives  IT  central  management  for  systems 
placed  globally  Whirlpool  plans  to  complement  that  centralized  management  with 
Tivoli  Distributed  Monitoring  and  perhaps  Tivoli  Enterprise  Console  software,  for 
centralized  event  management,  Kiser  says.  By  doing  this,  she  says,  Whirlpool  has  a 
path  toward  even  more  automation  for  NT, gaining  features  such  as  automated  help¬ 
desk  ticket  generation.“Self-healing  features  for  NT  process  failures  can  be  managed 
automatically  by  the  system  vs.  by  a  body/’ she  says. 
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You’re  losing  time  and  money  with  every  manual  cable  pull. 

The  IntellaPatch  Physical  Layer  Switch  automates  cable  pulls 
and  improves  repeatability.  Each  simulation  is  just  like  the  last 

Applications  also  include  remote  lab  configuration,  and  analyzer 
and  intrusion  detection  insertion.  IntellaPatch  switches  support 
Fibre  Channel,  Ethernet  or  ATM/SONET. 

With  IntellaPatch  switches,  you  save  time  and  money,  and  avoid 
the  pitfalls  of  manual  labor  -  like  blisters. 

Call  toll-free  at  800-624-6808 

or  visit  online  at  WWW.apC0Fl.C0in 

Log  on  to  download  our  whitepaper:  Maximizing  Your  Test  Investment 
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for  Fibre  Channel,  Ethernet,  or  ATM/SONET 


Beyond  NT  servers,  Kiser  sees  the  role  of  automation 
valuable  for  business  applications  such  as  SAP  Self-heal 
ing  can  fix  the  application,  or  its  underlying  infrastruc¬ 
ture,  when  problems  are  detected. She  envisions  the  day 
when  the  infrastructure  is  tied  together  with  end-to-end 
system  management  software.  That,  she  says,  will  “drive 
down  the  amount  of  resources  that  are  required  to  in¬ 
vestigate  and  resolve  problems”  Self-healing  of  servers 
and  other  infrastructure  components  becomes  central 
for  IT  because  “recognizing,  evaluating,  communicating 
and  healing  are  the  keys  to  keeping  our  service-level 
agreements  with  the  business,” she  adds. 

Kiser  anticipates  that  such  future  automation  will  re¬ 
duce  help-desk  calls  as  self-healing  servers  will  fix  sys¬ 
tems  often  before  end  users  experience  problems.  Or,  she  says,  Whirlpool  can  auto¬ 
matically  message  its  more  than  17,000  worldwide  employees  that  it  has  identified 
the  problem  and  is  working  toward  a  fix,  thereby  minimizing  calls  to  the  help  desk, 
which  Whirlpool  outsources  to  HP 

Two  more  for  self-management 

HP  also  is  in  the  self-managing  data  center  race  with  its  UDC,  a  line  of  products 
that  aims  to  virtualize  a  company’s  data  centers  into  a  single  pool  of  resources, 
including  remote  locations.  Since  announcing  the  UDC  product  family  in  Novem¬ 
ber  2001 , HP  has  extended  its  vision  to  include  server, storage  and  network  offerings. 
These  are  integrated, deployed  and  monitored  by  intelligent  management  software. 

For  example,  a  Web  retailer  that  needs  25  servers  to  handle  online  transactions  dur¬ 
ing  the  Christmas  rush  but  only  five  servers  during  the  rest  of  the  year  could  use  UDC 
to  grab  capacity  from  other  corporate  servers  during  the  holiday  season.  It  could 
temporarily  reallocate  capacity  from  a  development  environment,  a  human  re¬ 
sources  system  or  an  SAP  system,  says  Nick  van  der  Zweep,  HP’s  UDC  director.  UDC 
also  provides  failover  of  systems  such  as  firewalls,  load  balancers  and  servers  run¬ 
ning  Windows,  Linux,  HP-UX, Solaris  and  other  operating  systems,  he  says. 

HP  beefed  up  its  self-managing  server  muscles  with  the  acquisition  of  Compaq 
and  its  ProLiant  line  of  servers.The  ProLiant  BL  server  blade  line  has  intelligent  fault- 
resilient  power  and  integrated, “lights  out”  remote  management  features,  HP  says. 

Sun  is  entering  the  competition  with  its  N1  initiative.  Like  its  competitors,  N1 
wants  to  offer  users  automation  and  virtualization  —  the  so-called  utility  comput¬ 
ing  environment.  To  that  end,  Sun  in  November  made  two  acquisitions.  It  bought 
Terraspring,  for  its  server  configuration  technology,  and  Pirus  Networks,  for  its  stor¬ 
age  switches. 

First  on  the  N1  agenda,  Sun  has  added  automation  features  to  its  server  man¬ 
agement  software,  and  addressed  virtualization. Through  software  available  now 
users  can  aggregate  servers, storage,  even  cabling.The  Terraspring  software  creates 
what  Sun  calls  logical  server  farms  that  the  software  automatically  creates  and 
configures.  Other  NI  software  reallocates  and  monitors  resources  as  well.  Sun  has 
promised  to  add  service  provisioning  and  policy  automation  to  Nl  for  delivery 
later  this  year. 

But  Sun  isn’t  totally  ignoring  the  servers  themselves. The  Sun  Enterprise  10000, 
for  instance, offers  systemwide  error  detection  and  correction. And, Sun  says  it  will 
release  an  Nl-enabled  blade  system  sometime  during  the  first  quarter. 

The  server  foundation 

Despite  the  current  vendor  hullabaloo, self-managing  servers  are  a  substantial  par¬ 
adigm  shift  and  true  automation  of  them  looks  to  be  three  to  five  years  out,  says 
John  Humphreys,  a  senior  analyst  with  1DC. 

But  vendors  aren’t  the  only  people  that  see  an  automated  future.  Forrester  has 
dubbed  its  vision  of  the  automated  future  as  “organic  IT”  It  calls  for  an  overhaul  of 
server  networks, storage, software  and  processors  so  that  a  computing  infrastructure 
automatically  shares  and  manages  companies'  IT  computing  resources.  Before  these 
new  buzzwords  from  vendors  and  analysts  appeared,  the  industry  called  the  concept 
of  the  self-sufficient  infrastructure  the  lights-out  data  center.  As  Humphreys  explains: 
“Organizations  want  to  integrate  their  information  structure  under  one  roof." 

Whatever  the  name,  servers  are  the  foundation  on  which  the  future  of 
the  intelligent 
infrastructure 
rests. 

Ryan-Garcia  is  a 
freelance  writer  in 
Coram,  N.  Y  She 
can  be  reached  at 
fresh  content@ 
aol.com. 


.  V. 

Editor:  Beth  Schultz 

(773)  283-0213;  Fax:  (773)  283-0214 

Executive  editor:  Julie  Bort 

(970)  468-2864;  Fax:  (970)  468-2348 

Art  direction:  Jacy  Edelman 
Network  World  art  director:  Tom  Norton 


Managing  editor  Fusion:  Melissa  Shaw 
Online  graphic  designer:  Zach  Sullivan 
Copy  editor:  Ryan  Francis 

Network  World  editorial  director:  John  Gallant 
Network  World  editor  in  chief:  John  Dix 

Cover  and  inside  illustrations  by  John  Hersey 


More  online! 


Keep  tabs  on  server  technology 
news  with  our  free  server  newsletter 

DocFinder  4424 


EMC2 

where  information  lives 


EMC  REDEFINES 
HIGH-END  STORAGE. 

Again. 

Introducing 
Direct  Matrix 
Architecture: 
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EMC’s  new  Symmetrix  DMX  series  with  Direct  Matrix  Architecture. 

4  times  the  internal  bandwidth  and  10  times  the  cache  bandwidth  of  any  other  storage  system. 
100%  software  compatibility.  Unprecedented  application  performance,  protection  and  availability. 
And  all  with  surprising  affordability.  Now  high-end  storage  has  a  new  high  end. 
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Extreme  Networks. 

We're  a  global  pioneer  in 
developing  networking 
infrastructure  for  IP-based 
applications  in  the  large 
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We  see  a  world  emerging 
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the  millions  of  connections 
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Nortel  unfolds  VoIP  service  road  map 


■  BY  JIM  DUFFY 


OTTAWA  —  Nortel  last  week  rolled  out  a 
broad  initiative  geared  toward  getting  ser¬ 
vice  providers  to  use  its  latest  packet  tele 
phony  equipment  to  deliver  new  services. 

At  the  heart  of  the  plan,  dubbed  Suc¬ 
cession  Services,  is  technology  designed  to 
support  services  that  promote  user  mobili¬ 
ty  and  integrate  multiple  devices  and 
media  —  such  as  e-mail, cell  phones,  home 
telephones  and  PDAs. 


■  Packet  Design  LLC  last  week  spun 
off  two  new  companies  to  further 
develop  and  market  its  network  tech¬ 
nologies.  One  of  the  new  spinoffs, 
Packet  Design  will  offer  a  line  of  net¬ 
work  appliances  that  extends  the  rout¬ 
ing  control  plane  to  address  the  relia¬ 
bility,  performance,  scalability  and 
predictability  of  IP  networks.  The  sec¬ 
ond  spinoff,  Precision  I/O,  will  com¬ 
mercialize  a  high-speed  network 
architecture  developed  by  Packet 
Design  that  will  let  servers  take 
advantage  of  increasing  networking 
speeds,  including  10G  bit/sec  Ethernet. 
The  parent  company  will  maintain  a 
majority  ownership  in  the  spinoffs  and 
will  continue  to  assist  in  their  develop¬ 
ment  and  funding,  and  manage  com¬ 
mon  services.  Packet  Design  LLC 
founder  Judy  Estrin  will  be  chair¬ 
man  of  both  new  companies. 

■  Redback  Networks  recently  an 
nounced  it  has  extended  its  partner¬ 
ship  with  Sheer  Networks  and 
added  Cplane  to  its  Solution  Alliance 
Program.  These  operational-support- 
systems  partners  aim  to  ease  provi¬ 
sioning  and  management  of  IP/Multi- 
protocol  Label  Switching  VPN  ser¬ 
vices  enabled  by  the  Redback  Smart- 
Edge  800  router.  CPIane  provides  soft¬ 
ware,  called  ServiceControl,  to  provi¬ 
sion  and  engineer  service  providers' 
packet  networks  for  improved  service 
performance.  Redback's  partnership 
with  Sheer  now  includes  support  of 
the  SmartEdge  800. 


In  Succession 

A  rundown  of  Nortel’s  packet  telephony  service  packages. 

•  Succession  VoIP  VPN  lets  service  providers  manage  a  company's  voice  network  and 
integrate  other  data  services. 

•  Succession  Centrex  and  Succession  Centrex  IP  provide  evolution  to  packet  telephony 
with  line-by-line  migration  and  more  than  200  business  features. 

•  Succession  Personal  Communications  Manager  enables  Web-based,  end-user- 
programmable  call-screening,  routing  and  management. 

•  Succession  Multimedia  and  Collaboration  combines  voice,  video,  and  text  media  in  one 
communication  session.  Services  include  Web-based  video  calling,  instant 
videoconferencing  and  presence-based  collaboration  capabilities. 

•  Succession  Internet  Voice  provides  voice  over  broadband. 

•  Succession  Primary  Voice  provides  a  regulatory-compliant  primary  voice  service  set 
for  new  market  entry  and  competitive  service  differentiation.  Features  Class-5  residential 
voice  services  equivalent  to  public  switched  telephone  network. 


The  initiative  includes  a  service  road 
map,  product  enhancements  and  expand¬ 
ed  co-marketing  program.  The  road  map 
shows  carriers  how  to  stimulate  enter¬ 
prise  and  consumer  demand  needed  to 
generate  service  volumes. 

One  destination  on  this  road  map  is  a 
new  Nortel  offering  that  supports  managed 
services  called  Succession  Voice  over  IP 
(VoIP)  VPN.  VoIP  VPN  brings  together 
branch  offices  and  telecommuters  onto  a 
single  telephone  dial  plan,  and  lets  service 
providers  manage  a  company’s  voice  net¬ 
work  for  them. 

VoIP  VPN  is  hosted  on  Nortel’s  Succession 
Communications  Server  2000  and  2000- 
Compact  softswitches.  VoIP  VPN  lets  com¬ 
panies  reduce  ongoing  operational  expen¬ 
ditures  by  up  to  25%,  the  vendor  says,  citing 
internal  research. 

VoIP  VPN  is  the  latest  in  a  suite  of  Nortel 
offerings  that  enable  managed  services. 
The  others  include  hosted  multimedia  and 
packet  voice  services  such  as  Succession 
Centrex/Centrex  IP  Personal  Commun¬ 
ications  Manager,  Multimedia  and  Collab¬ 
oration,  Internet  Voice  and  Primary  Voice. 

To  help  carriers  combine  these  services 
into  bundles,  Nortel  announced  several 
softswitch  enhancements  under  the  Suc¬ 
cession  Services  plan: 

•  Adding  H.323  interfaces  to  support 
direct  packet  interworking  with  H.323  IP 
PBX  systems  and  gateways.This  will  enable 


converged  VoIP  VPN  services  to  be  offered 
to  the  growing  enterprise  base  of  IP  PBXs. 

•  Expanding  support  for  Session  Initia¬ 
tion  Protocol  to  enable  direct  packet  inter¬ 
working  with  SIP-based  enterprise  PBXs  or 
gateways.This  will  broaden  the  market  for 
VoIP  VPNs,  Nortel  says. 

•  SIP  extensions  that  integrate  Succes¬ 
sion  softswitches  and  Succession  Inter¬ 
active  Multimedia  Server  to  enhance  the 
multimedia  features  carriers  deliver  to 
existing  phones. 

•  SIP  proxy  capability  to  allow  multime¬ 
dia  traffic  to  cross  enterprise  and  public 
switched  telephone  network  domains,  and 


carrier  boundaries.The  ability  to  add  multi- 
media  services  or  personal  call  manage¬ 
ment  to  existing  telephones  could  increase 
carrier  revenue  by  up  to  an  average  of  $18 
per  business  line  and  $15  per  residential 
line,  Nortel  says,  citing  internal  research. 

Nortel  also  has  expanded  its  co-marketing 
program,  MarketForce,  to  include  the  results 
from  a  detailed  market  research  study 
designed  to  understand  specific  buying  pat- 
terns.The  data  is  intended  to  strengthen  car¬ 
riers’  business  planning  and  pricing  analy¬ 
sis,  and  let  them  accelerate  new  service  rev¬ 
enue  generation  with  promotional  and 
lead-generation  campaigns.  ■ 


Cisco  unveils  router  for  managed  services 


■  BY  JIM  DUFFY 

SAN  JOSE  —  Cisco  recently  unveiled  a 
router  for  customer-edge  applications  such 
as  an  Internet  campus  gateway  or  a  service 
provider  managed  service. 

The  Cisco  7301  is  a  1U  device  designed 
for  service  providers  to  offer  managed  ser¬ 
vices  such  as  high-speed  Internet,  IP  VPNs 
and  metropolitan/WAN  connectivity  to  cor¬ 
porations.  Citing  a  recent  Gartner  report, 
Cisco  says  the  U.S.  managed  services  mar¬ 
ket  will  increase  at  a  27.6%  compound 
annual  growth  rate  to  $8.2  billion  by  2006. 

The  7301  sports  three  onboard  copper  or 
optical  Gigabit  Ethernet  ports  and  three  RJ- 
45  Fast  Ethernet  ports.  It  also  includes  a  sin¬ 
gle-port  adapter  slot  to  support  Cisco’s 
7x0frseries  router  interfaces. 

The  7301  features  a  700-MHz  integrated 
processor,  up  to  1G  byte  of  dynamic  RAM 


and  up  to  256M  bytes  of  flash  memory  The 
router  can  support  up  to  1  million  routes 
and  forwards  more  than  900,000  packet/ 
sec,  Cisco  says. 

The  router’s  WAN  interfaces  include  serial 
and  multichannel  T-l/E-1  and  T-3/E-3;  OC- 
3/STM-l  packet-over-SONET  and  ATM;T-1/E- 
1  Inverse  Multiplexing  over  ATM;  ISDN 
Primary  Rate  Interface  and  Basic  Rate 
Interface;  and  High-Speed  Serial  Interface. 
The  product  supports  hardware  encryption 
and  Layer  3  compression  for  VPNs. 

Among  the  managed  service  features  the 
7301  supports  are  Network  Address  Trans¬ 
action;  Cisco’s  Network  Based  Application 
Recognition;  quality-of-service  control 
through  Committed  Access  Rate,  Weighted 
Random  Early  Detection  and  Weighted  Fair 
Queuing;  and  stateful  firewall. 

Service  provider  applications  for  the  7301 
include  broadband  aggregation,  gateway 


functions  between  IPv4  and  IPv6  networks, 
Multi-protocol  Label  Switching-customer 
edge,  and  a  route  reflector.  The  7301  is  in¬ 
stalled  at  Canadian  service  provider 
Primus  Canada. 

Separately,  Cisco  announced  a  port 
adapter  carrier  card  for  the  7304  router  that 
lets  routers  accept  existing  7x00-series  port 
adapters. 

Pricing  for  the  7301  starts  at  $18,000;  the 
7304  starts  at  $22,000.  Both  products  are 
now  available.  ■ 


More  online! 

See  what  enhancement 
Cisco  has  made  to  other 
routers  in  its  7x00  senes 

DocFinder:  4435 
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an  in  the  know. 


And  a  custuMn  engaged 


a  customer  for  life. 


He  anticipates  hisoH^nts'  every  need.  He  expects  the  same.  And  that's 
just  what  happened  when  vyilliam’s  credit  card  company  detected  a 
suspicious  charge.  Sirice  his  cell  phone  is  activated  on  the  network, 
the  bank  could  get  to  him  immediately  with  a  copy  of  the  transaction. 
The  charge  was  legit.  Yep,  he  was  spared  the  hassle  of  his  card 
refused  in  front  of  clients  at  the  clubhouse.  At  Nortel  Networks,  we 
call  this  "the  engaged  business  model'.’  And  we  make  it  possible 
by  enabling  business  to  engage  their  customers  through  delivering 
critical,  time-sensitive  information  on  whatever  device  they  prefer. 
Before  they  even  know  they  need  it.  So  businesses  can  win  the 
loyalty  necessary  to  build  a  solid  revenue  base.  Leveraging  solutions 
like  contact  centers  and  application-aware  switching.  Insuring  user 
mobility  and  network  continuity.  Accelerating  productivity  while 
lowering  costs.  The  results:  customers  like  William  become  customers 
for  life.  All  delivered  by  our  Enterprise  vision.  One  network.  A  world 
of  choice,  nortelnetworks.com/onenetwork 
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SHAPING  YOUR  NETWORK 


Security,  efficiency  are  key  to  AES 


HOW  IT  WORKS 


Advanced  Encryption  Standard 

AES  requires  10  rounds  of  processing.  A  typical  round 
includes  the  following  steps: 


■  w~i_ 

■  ■ 

ffiai . 


O  The  input  to  each 
encryption  round 
is  a  4-by-4-byte 
array  of  128-bit 
plain  text. 


©  Each  byte  of  the 
array  is  mapped 
into  a  new  byte. 


©  The  second  row  shifts  one  byte,  the 
third  row  shifts  two  bytes,  and  the 
fourth  row  shifts  three  bytes. 
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©  The  output  of  each 
round  is  a  4-by-4-byte 
array  of  128  bits. 


©  An  expanded  key 
performs  a  byte-by- 
bye  exclusive-OR. 


©  Each  column  of  bytes  is 
mapped  into  a  new  column 
of  four  bytes. 


■  BY  WILLIAM  STALLINGS 

Advanced  Encryption  Standard  sup¬ 
plants  the  Data  Encryption  Standard  and 
Triple-DES  to  strengthen  security  and 
boost  efficiency. 

Adopted  in  1977  as  Federal  Information 
Processing  Standard  (FIPS)  Publication  46, 
the  aging  DES  encrypts  data  in  64-bit 
blocks  using  a  56-bit  key  In  1999,  the  Na¬ 
tional  Institute  of  Standards  and  Technol¬ 
ogy  (NIST)  issued  a  new  standard,  FIPS 
PUB  46-3,  calling  for  the  use  of  Triple-DES 
except  for  legacy  systems.  In  essence, 
Triple-DES  involves  repeating  the  DES  algo¬ 
rithm  three  times  on  the  plaintext  of  using 
two  or  three  different  keys  (1 12  bits  or  168 
bits)  to  produce  the  ciphertext. 

The  principal  drawback  of  Triple-DES  is 
that  the  algorithm  is  relatively  sluggish  in 
software.The  original  DES  was  designed  for 
mid-1970s  hardware  implementation  and 
does  not  produce  efficient  software  code. 
Triple-DES,  which  has  three  times  as  many 
rounds  of  encryption  as  DES,  is  corres¬ 
pondingly  slower.  Another  weakness  is  that 
DES  and  Triple-DES  use  a  64-bit  block 
length.  To  gain  efficiency  and  security,  a 
larger  block  length  is  desirable. 

Because  of  these  drawbacks,  Triple-DES 


Got  great  ideas 


■  Network  World  is  looking  for  great 
ideas  for  future  Tech  Updates.  If  you 
want  to  contribute  a  primer  on  a  spe¬ 
cific  technology,  standard  or  protocol, 
contact  Amy  Schurr,  senior  managing 
editor,  features  (aschurr@nww.com). 


isn’t  a  reasonable  candidate  for  long-term 
use.  In  2001,  NIST  issued  AES,  known  as 
FIPS  197.  AES  has  a  block  length  of  128  bits 
and  supports  key  lengths  of  128,  192  and 
256  bits. 

The  version  of  AES  with  a  key  length  of 
128  bits  is  likely  to  be  the  one  most  com¬ 
monly  implemented;  this  length  is  suffi¬ 
cient  to  provide  security  and  requires  less 
processing  time  than  a  longer  key  length. 
Thus  far  there  doesn’t  appear  to  be  any  crit¬ 
ical  weaknesses  in  either  AES  or  Triple-DES, 
so  the  level  of  security  is  directly  propor¬ 
tional  to  the  key  length. 

The  input  to  the  encryption  and  decryp¬ 
tion  algorithms  is  a  single  128-bit  block. 
This  block  is  arranged  in  a  4-by-4-byte  ma¬ 
trix  called  the  state  array  which  is  modified 


at  each  round  of  encryption  or  decryption. 
After  the  final  stage,  the  state  array  is  con¬ 
verted  back  to  a  linear  string  of  128  bits. 
Similarly  the  128-bit  key  is  depicted  as  a 
square  matrix  of  bytes.  This  key  is  ex¬ 
panded  into  10  individual  keys  —  10 
rounds  of  processing  produce  the  result. 

A  typical  round  consists  of  four  stages. 
The  ByteSub  stage  uses  a  table,  referred  to 
as  an  S-box,  to  perform  a  byte-by-byte  sub¬ 
stitution  of  the  block.  That  is,  each  input 
byte  is  mapped  into  a  unique  output  byte. 

In  the  RowShift  stage,  the  first  row  of  the 
state  array  is  not  altered.  For  the  second 
row,  a  l-byte  circular  left  shift  is  per¬ 
formed.  For  the  third  row,  a  2-byte  circular 
left  shift  is  performed.  For  the  fourth  row,  a 
3-byte  circular  left  shift  is  performed. 


The  MixColumns  stage  is  a  substitution 
that  alters  each  byte  in  a  column  as  a 
function  of  all  the  bytes  in  the  column. 

For  the  AddRoundKey  stage,  a  4-by4-byte 
portion  of  the  expanded  key  is  used;  each 
byte  of  the  expanded  key  is  combined 
with  the  corresponding  byte  of  the  state 
array  using  the  exclusive-OR  function. 

The  structure  of  AES  is  quite  simple.  For 
both  encryption  and  decryption,  the  ci¬ 
pher  begins  with  an  Add  Round  Key  stage, 
followed  by  nine  rounds  that  each 
include  all  four  stages,  followed  by  a  10th 
round  of  three  stages.The  last  round  does 
not  use  the  MixColumns  stage. 

Only  the  Add  Round  Key  stage  uses  the 
key  For  this  reason,  the  cipher  begins  and 
ends  with  an  Add  Round  Key  stage.  Any 
other  stage,  applied  at  the  beginning  or 
end,  is  reversible  without  knowledge  of  the 
key  and  so  would  add  no  security 

The  cipher  provides  alternating  opera¬ 
tions  of  XOR  encryption  (Add  Round  Key) 
of  a  block,  followed  by  scrambling  of  the 
block  in  the  other  three  stages,  followed  by 
XOR  encryption,  and  so  on. This  scheme  is 
both  efficient  and  highly  secure. 

As  with  most  block  ciphers,  the  decryp¬ 
tion  algorithm  uses  the  expanded  key  in 
reverse  order.  However,  the  decryption 
algorithm  is  not  identical  to  the  encryp¬ 
tion  algorithm. 

Current  implementations  of  AES  are  in 
software,  but  you  can  expect  to  see 
firmware/hardware  implementations  as 
the  encryption  scheme  becomes  more 
widely  used. 

Stallings  is  a  network  consultant  and 
author.  His  most  recent  book  is  Crypto¬ 
graphy  and  Network  Security  He  can  be 
reached  at  ws@shore.net. 


Dr.  Internet 


By  Steve  Blass 


We  have  an  asymmetric  DSL  connection  to 
our  ISP,  which  uses  Dynamic  Host  Configuration 
Protocol  for  IP  addressing.  We  have  to  use  the 
ISP's  software  to  connect  to  the  Internet 
(which  uses  PPP  over  Ethernet),  and  do  it 
through  a  PC  running  Windows  2000.  We  have  a 
Multitech  RF500S  DSL  Router  with  a  four-port 
hub.  When  we  try  to  configure  the  router,  it 
looks  for  a  static  IP  address  in  the  192.x.x.x 
range.  How  can  the  router  resolve  DHCP  with  a 


static  IP  address?  Can  we  get  multiple  users 
on  the  ADSL  connection  without  a  static  IP 
address? 

You  can  support  multiple  users  without  a  static 
IP  address.  The  RF500S  manual  (available  at 
www.nwfusion.com,  DocFinder:  4431)  says 
PPPoE  is  supported  and  includes  instructions 
for  establishing  a  PPPoE  connection  to  your  ISP 
through  the  browser-based  router  administra¬ 


tion  interface  in  the  “ISP  Additional  Settings 
(PPPoE  Settings)"  section  of  the  manual.  Once 
configured,  your  netwopk  will  appear  as  one  user 
to  the  ISP,  while  your  users  are  able  to  share  the 
connection. 

Blass  is  a  network  architect  at 
Change@Work  in  Houston.  Have  an  Internet- 
related  question?  Send  your  questions  to 
dr.internet@changeatwork.com. 
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GEAftHEAD 
INSIDE  THE 
NETWORK 
MACHINE 

Mark 

Gibbs 


We  were  intrigued  when  we  came 
across  a  tool  called  AtYourService 
from  Prism  Microsystems  because 
the  product  —  in  theory  —  lets  you  turn 
any  batch  or  executable  file  into  a  system 
service. 

A  Windows  service  is  code  that  conforms 
to  Microsoft’s  Windows  Service  Control 
Manager  (SCM)  specification  (see  www. 
nwfusion.com,  DocFinder:  4436). 

SCM  is  accessed  through  the  service  con¬ 
trol  panel  applet  and  is  responsible  for 
managing  and  displaying  installed  ser¬ 
vices.  It  also  is  in  charge  of  starting  services 
either  on  system  startup  or  on  demand; 
maintaining  status  information  for  running 
services;  sending  control  requests  to  run¬ 
ning  services;  and  locking  and  unlocking 
the  service  database. 

An  application  can  start  and  control  a 
service  by  using  the  service  functions  in 
the  Win32  API.  Two  of  the  most  common 
implementations  of  these  control  applica¬ 
tions  are  system  tray  applets  (for  example, 


Services  from  any  app 


the  Windows  Network  system  tray  applet 
and  most  antivirus  products)  and  control 
panel  applets  (such  as  the  display  key¬ 
board  and  mouse  applets).  These  control 
programs  act  as  front  ends  to  services  and 
placing  them  in  the  system  tray  or  the  con¬ 
trol  panel  simply  makes  for  a  tidier  user 
interface  (mostly). 

Services  are  important  not  only  because 
they  can  execute  without  affecting  the  user 
interface  but  also  because  they  can  exe¬ 
cute  when  no  user  is  logged  on. 

You  can  set  up  any  program  as  a  service, 
including  compiled  applications,  Visual 
Basic  programs,  Java  applications  and 
scripts.  AtYourService  creates  a  wrapper  for 
the  batch  file  or  program  so  it  acts  as  if  it 
were  a  service.  This  wrapper  is  registered 
with  the  SCM  and  mediates  the  control  re¬ 
quests  to  start  and  stop  the  service. 

We  were  impressed  with  AtYourService 
when  we  tried  it  under  Windows  2000  and 
XP  with  a  tool  we  use  in  the  Gearhead  bun¬ 
ker  called  Ping  Plotter  (reviewed  in  June 
1999;  see  DocFinder:  4437). 

Ping  Plotter  is  a  sophisticated  graphical 
traceroute  tool  and  the  only  problem  with 
it  is  that  if  we  don’t  log  onto  our  server,  Ping 
Plotter  won’t  run  —  it  is  not  a  service. This 
is  a  shame  as  one  of  the  neat  features  of  the 
tool  is  that  it  can  automatically  export  an 
image  of  its  graphs  in  Portable  Network 


Graphics  format.  We  use  these  graphs  in 
our  Web-based  network  management  sys¬ 
tem  but  if  the  server  gets  reset  or  we  log  out 
for  security  reasons,  the  Web  pages  that  use 
the  graphics  don’t  get  updated. 

So  we  used  AtYourService  to  create  a  ser¬ 
vice  using  a  batch  file  to  launch  Ping  Plot- 
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ter.  It  took  some  fiddling  to  get  it  to  work 
correctly  and  at  one  point  we  managed  to 
create  a  Ping  Plotter  service  that  took  out 
the  menu  that  appears  when  you  hit  the 
start  button!  The  product’s  biggest  weak¬ 
ness  is  you  apparently  can  create  an  unsta¬ 
ble  service  that  can  damage  the  operation 
of  the  system. 

The  AtYourService  program  can  be  run 
locally  or  from  any  Windows  PC  that  is 
authorized  to  access  the  services  on  the 
target  machine.  It  displays  the  list  of  ser¬ 


www.nwfusion.com 


vices  and  their  status,  and  can  start  or  stop 
them  similarly  to  the  Services  applet  under 
Windows  NT  or  Win  2000. 

In  the  AtYourService  main  window  you 
also  can  edit  the  properties  of  a  service 
and  create  and  delete  them  if  you  have 
administrator  privileges.  Service  creation  is 
a  wizard-like  process  that  guides  you  thor¬ 
ough  setting  up  the  service. 

With  the  enterprise  version  of  AtYour¬ 
Service  you  can  export  services  so  they 
can  be  installed  on  another  machine. 

Be  careful  in  you  assumptions  about  the 
behavior  of  the  services  you  create: 
Regular  applications  tend  to  expect  user 
interaction  for  error  conditions  and  with 
AtYourService  there’s  a  temptation  to  cre¬ 
ate  services  that  don’t  interact  with  the 
desktop  (that  is,  don’t  present  their  graphi¬ 
cal  user  interface).While  that  sounds  good, 
it  can  create  a  service  that  is  horribly  hard 
to  debug  if  it  fails. 

AtYourService  is  a  really  cool  concept 
and  produces  effective  services  as  long  as 
you  test  them  thoroughly  Priced  at  $60  for 
a  stand-alone  license  and  $200  for  the 
enterprise  license  with  cluster,  site  and 
OEM  licenses  also  available,  AtYourService 
is  highly  recommended. 

Serve  comments  to  gearhead@gibbs. 
com. 


Cool  Too 

Quick  takes 
on  high-tech  toys 

By  Keith  Shaw 


ence  software  for  nurses  and  nursing  students  is  available 
from  Skyscape,  the  company  says. 

Skyscape’s  emergency  medicine  reference  book  soft¬ 
ware  ($65)  includes  270  images  and  50  tables,  and  pro¬ 
vides  content  for  doctors,  nurses  and  emergency  medical 
technicians  for  when  they  are  away  from  a  typical  working 
environment,  Skyscape  says.  The  software  is  available  for 
Palm  OS  and  Pocket  PC  devices. 


Skyscape  bundles  PDAs  with  medical  references 

Skyscape  (www.skyscape.com),  which  makes  medical 
reference  software  for  PDAs,  recently  announced  a  PDA 
bundle  for  nurses,  as  well  as  specialized  content  from  the 
Special  Operations  Forces  Medical  Handbook. 

The  package  costs  $200  and  includes  a  Palm  ml30  color 
handheld  bundled  with  Skyscape  content.  The  content 
includes  one  of  two  software  offerings  —  DrugGuide,  the 
handheld  version  of  Davis'  Drug  Guide 
for  Nurses ;  or  RnNDH,  the  hand¬ 
held  version  of  Nursing 
2003  Drug  Hand¬ 
book.  Other 
refer¬ 


NEC  launches  thin  and  light  Tablet  PC 

NEC  Solutions  (www.necsolutions-am.com)  last  week 
launched  its  Tablet  PC  by  going  thin  and  light  and  offering 
bundled  business  software. The  NEC  Versa  LitePad  starts  at 
$2,400  and  is  aimed  at  the  healthcare,  field  sales  and  pro¬ 
fessional  services  markets,  the  company  says. 

The  LitePad  measures  1 1.7  by  0.6  inches,  weighs  only  2.2 
pounds,  and  has  a  10.4-inch  wide-angle  display  NEC  says. 
The  tablet  ships  with  an  Intel  Ultra-Low-Voltage  Mobile 
Pentium  III  processor  at  933  MHz.  It  has  256M  bytes  of  RAM 
and  a  20G-byte  hard  drive.  The  tablet  also  includes  inte¬ 
grated  802.11a  or  802.11b  wireless  connectivity,  and  an 
Ethernet  port  for  connecting  to  wired  networks. 

Bundled  software  with  the  tablet  includes  Adobe 
Acrobat  Reader  Version  5.0,  Alias/Wavefront’s  SketchBook 
Pro,  Colligo  Networks  Personal  Edition  (peer-to-peer  wire¬ 
less  LAN  software),  Corel’s  Grafico  (annotation  and 
design  software),  FranklinCovey  TabletPlanner,  Office 
XP  Service  Pack  for  Tablet  PC  and  Zinio  Reader 
(eBook  software). 


SMC  gets  into  802.1 1g 

SMC  (www.smc.com)  last  week  announced 
new  802.1  lg  (prestandard)  wireless  equip¬ 
ment.  The  new  line  includes  a  wireless 
cable/DSL  broadband  router,  a  Cardbus 
adapter  (PC  Card  for  notebooks,  $80)  and 
wireless  PCI  Card  (for  desktops,  $90). 
Shipments  will  begin  next  month,  SMC  says. 


Skyscape  is  bundling  med¬ 
ical  reference  software  on 
a  Palm  ml 30  for  nurses 
and  nursing  students. 


The  TDP-D1  from  Toshiba  boasts 
2,000-lumen  output. 


The  Barricade  G  2.4-GHz  54M  bit/sec  Wireless 
Cable/DSL  Broadband  Router  ($140)  includes  a  four-port, 
dual-speed  10/100M  bit/sec  switch,  and  Stateful  Packet 
Inspection,  a  firewall,  network  management  features  and 
VPN  passthrough  support.  Wireless  features  include  the 
ability  to  disable  SSID  broadcasting,  Media  Access  Control 
address  filtering,  and  support  for  64-  and  128-bit  Wired 
Equivalent  Privacy  Support  for  802.  lx  authentication  and 
Wi-Fi  Protected  Access  will  be  included  in  the  second 
quarter,  SMC  says.  The  802.1  lg  equipment  is  backward- 
compatible  with  802.1  lb-based  products, the  company 


Toshiba  ups  the  brightness  on  new  digital  projector 

Toshiba’s  Computer  Systems  Group  (www.csd.toshiba. 
com)  last  week  announced  a  new  portable  projector 
with  a  brightness  of  2,000  lumens,  which  is  at  the  upper 
end  of  brightness  for  its  weight  and  price.  The  TDP-D1 
weighs  5.3  pounds,  delivers  an  800:1  contrast  ratio  and 
supports  XGA  (l,024-by-768-pixel)  resolution. The  projec¬ 
tor  costs  $2,700. 

Other  features  include  automatic  keystone  correction, 
and  a  monitor  output  port  that  lets  users  connect  to  an 
external  monitor  in  addition  to  the  projector. This  feature 
also  includes  passive  loop,  which  lets  the  external  moni¬ 
tor  function  if  the  projector  is  not  turned  on, Toshiba  says. 


Shaw  can  be  readied  at  kshaw@nww.com. 


storage  software  company. 


VERITAS  Software  lowers  your  storage  costs  regardless  of 
the  hardware.  EMC.  Hitachi.  HP.  IBM.  Sun.  What’s  your  agenda? 


veritas.com 


VERITAS 


Copyright  ©  2003  VERITAS  Software  Corporation.  .All  rights  reserved.  VERITAS,  the  VERITAS  logo  and  all  other  VERITAS  product  names  and  slogans  are  trademark*  or  registered  trademarks  of 
VERITAS  Software  Corporation.  VERITAS  and  the  VERIT.AS  Logo  Reg.  LIS.  Fat.  be  Tm.  Off.  All  other  trademark*  are  the  property  of  their  respective  owners. 
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EDITORIAL 

John  Dix 

Forget  phone 
cameras; 
give  me  apps 

Mobile  telephone  operators  from  around  the 
world  gathered  last  week  at  the  3GSM  World 
Congress  meeting  in  Cannes,  France,  to  talk 
about  cell  phone  advances,  including  devices  capable  of 
supporting  videoconferencing. 

While  ultimately  these  tech  marvels  might  appeal  to 
consumers,  (witness  the  fascination  with  cell  phones  that 
can  capture  and  transmit  photos)  to  pluck  dollars  out  of 
business  pockets,  mobile  operators  might  be  better  off 
looking  at  technology  available  today  from  a  company 
called  Action  Engine. 

Action  Engine’s  Mobile  Web  Services  Platform  is  a 
client/server  package  designed  to  simplify  the  process  of 
using  a  cell  phone  to  interact  with  the  Web.  Instead  of  try¬ 
ing  to  shoehorn  a  regular  browser  into  a  phone,  Action 
Engines  software  is  optimized  for  the  limitations  of  the 
client  (Pbcket  PC  devices  today,  and  Smartphone  2002, 
Palm  and  Symbian  in  the  future). 

The  fat  client  is  written  in  C++  and  applications  that 
ride  above  it  are  written  in  XML,  meaning  carriers  can 
customize  applications  and  ultimately  deliver  them  for  a 
range  of  client  devices. 

Applications  shown  to  me  were  for  demonstration  pur¬ 
poses,  but  they  give  a  good  sense  of  what  carriers  could 
create  for  business  users:  a  phone  with  an  oversized 
screen  that  lets  you  do  everything  from  make  airline 
reservations  to  look  up  directions  and  find  restaurants. 

The  beauty  of  the  system  is  it  is  menu-based,  meaning 
you  select  items  instead  of  having  to  key  in  data,  a  huge 
time-saver. The  client  even  memorizes  former  requests  so 
when  you  go  to  make  your  next  flight  reservation  you 
simply  can  rebook  rather  than  start  from  scratch. 

Whats  more,  the  client  treats  data  as  object  that  can  be 
shared  with  other  applications.  If  you  book  a  flight,  for 
example,  then  pull  up  an  application  to  find  a  restaurant, 
the  device  determines  that  you  might  want  to  dine  at 
your  destination  and  offers  that  as  an  option. 

Caching  data  means  that  95%  of  the  processing  is  done 
on  the  client,  minimizing  need  for  high-speed  network 
connections.This  also  means  that  if  you  lose  a  connec¬ 
tion  you  don’t  have  to  start  all  over. 

The  phone  has  become  a  PC, says  Amar  Patel,  director 
of  product  marketing.  Unlike  older  cell  phones,  the  oper¬ 
ating  systems  in  these  new  devices  have  file  systems. 
Couple  that  with  the  fact  that  networks  support  higher 
speed,  and  the  “technology  has  caught  up  to  the  imagina¬ 
tion,”  he  says. 

Now  if  only  carriers  would  focus  on  delivering  capabili¬ 
ties  like  this  instead  of  cell  phone  cameras. 


—  John  Dix 
Editor  in  Chief 
jdix@nww.com 


Partners  responds 

Partners  Healthcare  would  like  to  address  inaccu¬ 
racies  in  the  story  “Proxim  pitches  wireless  LAN 
switch”  (www.nwfusion.com,  DocFinder:  4432), 
which  mentions  our  deployment  of  wireless  net¬ 
works.  First,  Partners  Healthcare  is  not  an  HMO;  it  is 
an  Integrated  Delivery  System,  a  network  of  hospi¬ 
tals  in  eastern  Massachusetts.  Second,  we  have  not 
halted  wide-scale  deployment  of  Cisco  Aironet 
access  points  nor  do  we  intend  to  do  so. 

Partners  has  worked  diligently  to  implement  Cis¬ 
co’s  Lightweight  Extensible  Authentication  Proto¬ 
col  (LEAP)  to  ensure  secure  transmission  of  data 
over  its  wireless  infrastructure.  Partners  is  commit¬ 
ted  to  LEAP  and  its  merits  while  focusing  on 
addressing  key  points  of  concern  as  pointed  out  in 
the  story:  managing  large,  wide-scale  wireless  de¬ 
ployments  and  striving  to  further  enhance  the 
security  of  the  model. 

Scott  Rogala 

Corporate  manager,  network  engineering 
Partners  Healthcare 
Boston 

Editor's  note:  Network  World  regrets  the  errors. 

WLANs  weigh  anchor 

Regarding  “Navy  set  to  navigate  with  wireless 
LANs”  (DocFinder:  4429):  I  hope  the  Navy  under¬ 
stands  that  the  802. 1 1  standard  is  under  consider¬ 
able  risk  of  interference.  Spectrum  management 
risks  on  a  TCP  network  might  be  acceptable 
because  there  is  always  a  chance  to  resend  pack¬ 
ets,  but  that  is  a  bit  harder  to  do  when  the  fleet  is 
taking  fire.  Most  commercial  802. 1 1  wireless  access 
points  use  the  same  frequency  ranges  as  many 
other  common  systems,  such  as  cordless  tele- 

E-mail  letters  to  jdix@nww.com  or  send  them  to  John  Dix,  Editor  In 
Chief,  Network  World,  118  Turnpike  Road,  Southborough,  MA  01772. 
Please  include  phone  number  and  address  for  aerification. 


phones.  I  hope  the  Navy  won’t  be  quick  to  aban¬ 
don  its  conventional  systems. 

Jeff  Engelbrecht 
Triangle,  Va. 

The  key  point  is  the  ability  of  the  wireless  LANs  to 
survive  in  the  electromagnetic  environment  aboard 
a  ship.  We  are  talking  multiple  megawatt  radiated 
energy  radars  aboard, not  to  mention  other  emitters. 
Wireless  LAN  gear  is  not  designed  to  survive  in  this 
environment. 

Donald  Smith 
Principal  analyst 
MTC  Huntsville 
Huntsville,  Ala. 

Easier  computers 

Regarding  Mark  Gibbs’  Backspin  column  “Making 
computers  easier”  (DocFinder:  4430):  Making  com¬ 
puters  easier  is  easy  to  speak  of  but  difficult  to  quan¬ 
tify  Things  are  simple  enough  as  they  are,  if  we  would 
be  allowed  to  catch  up  with  what  already  is  there. 

I  have  learned  many  versions  of  DOS  and  Win¬ 
dows.  I’m  learning  Windows  XP  although  I  really 
have  no  use  for  it  yet.  1  have  had  to  learn  Office  4.3, 
95,97  and  2000,  and  1  have  yet  to  play  with  Office  XP 

This  is  just  the  tip  of  the  iceberg  of  what  PC  support 
personnel  need  to  have  a  handle  on,  and  it  gets 
more  complex  every  year.  Why?  When  we  hit  Win¬ 
dows  98SE  and  Office  97,  we  really  had  all  we  need¬ 
ed  for  the  average  user,  but  we  moved  on  . . .  and  on. 

Each  time  we  get  a  new  operating  system,  there  are 
many  new  features  to  learn,  and  things  that  we  liked 
in  the  old  version  are  gone.  1  am  not  opposed  to 
learning,  but  when  does  it  end  —  or  slow  to  a  fairly 
reasonable  pace? 

Glenn  Bloom 
Computer  specialist 
Federal  Aviation  Administration 
Oklahoma  City 


More  online!  www.nwfusion.com  Find  out  what  readers  are  saying  about  these  and  other  topics.  DocFinder  4428 


www.nwfusion.com 
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VENTURE  OVER  THE  HORIZON 

Todd  Brooks 


t  is  always  challenging  to  look  out  at  a  new 
year  and  predict  which  technology  sectors 
will  be  most  important  to  network  man¬ 
agers  and  most  promising  for  venture  in¬ 
vestors.  The  year  ahead  is  particularly  difficult  because  so  many  eco¬ 
nomic  and  political  questions  remain  unresolved.  However,  here  are 
my  predictions: 

•  Network  security  will  continue  to  be  important.  Intrusion  detection 
and  vulnerability  assessment  are  good  investment  areas  in  2003,  as  are 
application  security  and  host-based  security  products.  Ultimately  how¬ 
ever,  we  will  see  more  tightly  integrated  products  to  reduce  costs  and 
management  complexity.  VPNs  will  become  more  flexible  and  less 
expensive  as  start-ups  provide  technology  to  automate  the  set-up  and 
management  processes. 

•  Another  important  issue  for  network  managers  this  year  will  be 
how  to  deal  with  the  increase  in  remote  wireless  devices  accessing  cor¬ 
porate  networks.  Managing  these  devices,  provisioning  applications, 
and  providing  security  at  the  device  and  network  levels  will  be  critical. 
Wireless  messaging  services  are  becoming  not  just  a  person-to-person 
service,  but  also  a  way  for  companies  to  get  information  to  consumers 
or  to  communicate  with  employees. 

•  Data  storage  and  voice  over  IP  (VoIP)  were  investment  bright  spots 
in  2002  and  should  continue  to  do  well  this  year. We  will  see  less  expen¬ 
sive  and  more  automated  ways  to  store  important  data  with  more  intel¬ 
ligence  added  to  the  storage  networks.  Important  companies  in  this 


Secure  start-ups  will  fare  best  in  IIS 


area  are  Mayfield  investments  3Par  Data  and  OnStor. 

•  VoIP  will  continue  to  gain  traction  largely  in  branch  and  small 
offices.  We  will  not  see  massive  deployments  this  year,  but  after  several 
years  of  trials,  carriers  will  begin  to  roll  out  VoIP  services  such  as  IP 
Centrex  or  IP  videoconferencing.  Mayfield  investments  in  this  area 
include  Convedia,  a  media  server  company  and  Sylantro,  an  applica- 
tions-enabled  Softswitch  vendor. 

•  A  trend  that  will  have  far-reaching  consequences  is  the  deployment 
of  standard-based  hardware  into  the  network  arena.  Standardized  hard¬ 
ware  has  driven  out  proprietary  hardware  at  the  desktop  and  network 
edge  and  is  now  starting  to  move  into  core  servers  and  network  equip- 
ment.This  will  provide  a  real  opportunity  for  start-ups.  In  the  past,  fund¬ 
ing  network  hardware  companies  was  capital-intensive  because  equip¬ 
ment  had  to  be  built  from  scratch.  With  standard  hardware,  start-ups 
can  leverage  industry-standard  processor  technology  and  will  be  bet¬ 
ter  able  to  focus  on  innovation  and  differentiation  in  the  software  layer. 

If  there  is  an  overriding  issue  for  venture  investors  in  the  network 
arena  this  year,  it  is  how  to  interest  network  managers  in  the  products 
and  services  of  start-up  companies.  Network  spending  will  be  going 
toward  deferred  projects  from  the  previous  several  years.  Start-ups  with 
finished  products  and  customers  in  place  will  have  the  best  chance  of 
getting  a  foot  in  the  door. 


Network  spend¬ 
ing  will  be  going 
toward  deferred 
projects  from  the 
previous  several 
years. 


Brooks  is  a  general  partner  with  Mayfield,  a  venture  capital  firm  in 
Menlo  Park,  Calif.  He  can  be  reached  at  tbrooks@mayfield.com. 


ABOVE  THE  CLOUD 

James  Kobielus 


To  most  users,  the  Web  is  a  “world  wide 
wait.”  The  typical  browsing  session  has 
more  long,  awkward  pauses  than  a 
Swedish  art  film.  Even  power  users  with  broadband  connections  are 
frustrated  by  HTML  pages  that  take  too  long  to  display  and  files  that 
take  forever  to  download. 

The  new  generation  of  Web  services,  grounded  in  XML  and  Simple 
Object  Access  Protocol  (SOAP),  isn’t  fundamentally  faster  or  more  reli- 
able.The  reason  for  this  sad  state  of  affairs  is  that  XML  and  SOAP  are  just 
new  freight  in  old  boxcars,  and  the  rails  they’re  riding  are  the  Web’s 
HTTPWhat’s  lacking  from  HTTP  is  a  standardized  means  for  ensuring 
guaranteed,  timely  delivery  of  content  —  be  it  HTML,  XML,  streaming 
video  or  anything  else  —  from  server  to  client.  Instead,  HTTP  offers 
what’s  euphemistically  known  as  best-effort  delivery  which  means  that 
each  intermediate  router  will  attempt  to  forward  packets  to  the  optimal 
next  hop,  but  that  the  end-to-end  path  taken  by  any  individual  packet  is 
beyond  any  node’s  control. 

Web  services  won’t  be  truly  ready  for  enterprise  prime  time  until  the 
industry  provides  tools, standards  and  approaches  for  managing  traffic 
and  ensuring  predictable  end-to-end  performance.  Unfortunately,  the 
industry  hasn’t  begun  to  explore  the  possibility  of  binding  SOAP  to 
something  other  than  HTTP  —  preferably,  to  middleware  protocols, 
such  as  Java  Message  Service  or  MQSeries,that  support  guaranteed,  reli¬ 
able  message  delivery 

Nevertheless,  Web  services  work  well  enough  for  many  real-world 
applications.  Web  services  implementers  have  come  up  with  many  ere 
ative  approaches  for  speeding  and  scaling  delivery  of  HTML  and 
XML/SOAP  traffic  over  HTTP,  without  messing  with  the  underlying 
transport  protocol.The  most  promising  techniques  for  end-teend  Web 
services  traffic  management  are  content  caching  and  choreography 
Unfortunately,  the  industry  hasn’t  converged  on  the  standards  needed 
for  interoperability  among  diverse  vendors’  traffic  management  ap¬ 
proaches.  Until  vendors  agree  on  such  standards,  an  effective  approach 
for  global  management  of  Web  services  traffic  will  remain  out  of  reach. 
For  example,  caching  infrastructures  have  become  critical  to  the 


Web  services  need  traffic  mgmt. 


delivery  of  HTML,  FTP  downloads  and  other  static  contents,  and 
increasingly  are  being  used  with  dynamic  database-driven  contents. 
The  good  news  is  that  there  are  Web  caching  standards.The  bad  news 
is  that  there  are  too  many  of  them.  Caching  vendors  implement  a  con¬ 
fusing  array  of  proprietary  and  open  specifications. 

The  situation  isn’t  much  better  in  the  content  choreography  arena.  In 
Web  services  environments,  choreography  refers  to  the  structured,  rule- 
driven  workflow  of  information  and  tasks  across  network  connections 
between  two  or  more  application  components.  In  a  SOAP-based  envi¬ 
ronment,  choreography  refers  to  the  functions  performed  by  integra¬ 
tion  broker  servers,  and,  to  a  lesser  extent,  by  the  new  wave  of  special¬ 
ized  application  data  router  appliances. 

However,  unlike  IP  routers, application  data  routers  typically  aren’t  set 
up  to  participate  in  a  global  routing  mesh  that  computes  optimal  rout¬ 
ing  paths.  Instead,  application  data  routers  primarily  serve  as  co-proces¬ 
sors  that  accelerate  local  routing  and  transformation  of  XML/SOAP 
messages.There  is  no  equivalent  to  Open  Shortest  Path  First  protocol  or 
Border  Gateway  Protocol  for  XML/SOAP  application  data  routers. 

Over  the  next  several  years,  traditional  IP  network  routers  might 
evolve  to  incorporate  SOAP  content  routing  and  caching  functions. 
Recently,  the  industry  has  taken  a  tentative  step  in  the  right  direction  by 
developing  the  WS-Routing  specification,  which  provides  a  syntax  for 
defining  the  end-to-end  routing  path  of  a  SOAP  message.  But  WS- 
Routing  defines  static  routing  paths,  not  the  dynamic  paths  necessary 
for  adaptive,  real-time  Web  services  traffic  management. 

Increasingly,  Web  services  middleware  approaches  are  being 
deployed  in  mission-critical  corporate  network  applications.  But  Web 
services  still  have  to  prove  themselves  where  performance  and  scala¬ 
bility  are  concerned.  They  could  become  a  sprawling,  unworkable, 
unscalable  mess  if  the  industry  doesn’t  proactively  address  open  issues 
surrounding  end-to-end  traffic  management. 


The  new  genera¬ 
tion  of  Web  ser¬ 
vices  . . .  isn’t 
faster  or  more 
reliable. 


Kobielus  is  a  senior  analyst  with  Burton  Group,  an  IT  advisory  service 
that  provides  in-depth  technology  analysis  for  network  planners.  He  can 
be  reached  at  jkobielus@burtongroup.com. 
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•  Up  to  42  1U  servers  in  a  standard  rack 


servers  per  racn 


Dwight  Gibbs,  director  of  technology  acceleration  at  Capital  One  in 
McLean, Va., says  the  combination  of  blade  server  hardware  and  man¬ 
agement  software  allows  him  to  deploy  new  Web  servers  in  minutes, 
and  to  do  automated  patch  management  on  20  servers  at  once. 


•  Servers  are  typically  Intel  Pentium  III  or 
Pentium  4  single-processor  machines  running 
between  1.26  and  2.26  GHz. 

•  Each  server  comes  with  its  own  power  supply. 

•  Each  server  must  be  connected  via  cables  to 
network  switches  and/or  storage  subsystem. 
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Appro  Systems,  an  application  service 
provider  specializing  in  financial  lending 
applications,  is  using  high-density  blades 
to  fit  the  processing  power  of  20  servers 
into  the  space  that  previously  held  three 
rack-mounted  servers.This  allowed  Appro 
Systems  to  increase  the  capacity  of  its  data 
center  from  350  to  more  than  600  cus¬ 
tomers,  without  adding  space  or  power. 

And  blade  server  technology  allowed 
Gator.com  to  add  more  than  400  new 
servers  without  having  to  lease  addition¬ 
al  collocation  space,  for  a  savings  of 
$24,000  a  month. 

These  companies  and  others  are  turning  to 
blades  to  shave  server  management  costs,  trim 
space  requirements,  and  cut  the  tangle  of  cables 
and  wires  in  the  data  center. 

Early  blades  appeared  in  fall  2001  from  Egenera 
and  RLX  Technologies,  and  focused  on  high-density 
low-power  processing  for  driving  front-end  applica¬ 
tions  such  as  Web  serving.  Blade  technology  earned 
its  stamp  of  approval  when  HRIBM  and  Dell  came 
out  with  blades  last  year.  Sun  released  a  blade  server 
earlier  this  month. 

Individual  blades  have  evolved  from  one-  to  two- 
processor  systems  and  have  added  management  fea¬ 
tures  that  automate  server  processes. Today  blades 
are  capable  of  replacing  traditional  2U  servers  for  a 
variety  of  applications.  And  IBM  last  week 
announced  four-way  blades  based  on  Intel  chips 
(see  story  at  www.nwfusion.com,  DocFinder:  4351). 

John  Madden, senior  analyst  for  Summit  Strategies, 
says  blades  address  a  variety  of  customer  issues. 
“Customers  are  looking  for  more  flexibility  and  bet¬ 
ter  use  of  space,”  he  says.  He  adds  that  improved 
management  features  help  customers  deploy 
servers  quickly,  and  perform  remote  management, 
metering  and  monitoring. 

Longer  term,  some  analysts  see  blades  taking  on 
basic  network  routing  and  server  load-balancing 
functions.  For  example,  IBM  plans  to  embed  a  Layer 
4/Layer  7  LAN  switch  module  in  its  blade  chassis. 

Having  the  network  and  storage  connections 
included  in  the  backplane  is  significant, says  1DC 
analyst  John  Humphreys. “The  fact  that  these  sys¬ 
tems  have  switches  in  them  . . .  replaces  a  whole  tier 


of  switches  in  your  data  center” 

Management  is  Job  One 

Customers  agree  that  one  big  advantage  of  blade 
servers  over  traditional  rack-mount  servers  is  ease 
of  management.  In  a  blade  system,  multiple  blades 
plug  into  a  chassis  with  its  own  backplane  and  bus 
architecture.  Power  supply  network  and  storage 
connections  are  shared  among  all  the  blades. 

Customers  can  perform  automated  software  up¬ 
grades,  patch  management  and  server  setups  on 
multiple  servers  within  the  chassis. 

Gibbs  has  used  RLX  300ex  System  and  Server- 
Blades  at  previous  jobs  and  plans  to  evaluate  blades 
at  his  current  employer.  He  says  that  deploying  Web 
servers  with  RLX’s  Control  Tower  software  takes  a 
matter  of  minutes,  and  Control  Tower  helps  him 
install  security  patches  on  numerous  Linux  servers. 

“Five  minutes  to  deploy  patches  is  a  tremendous 
boon  for  management,”  vs.  patching  each  server. “I 
can  control  a  whole  rack  of  servers  from  one 
blade  . . .  and  keep  a  spare  pool  of  blades  on 
standby  for  doing  database  replication,  launching 
test  servers  or  adding  Web  servers.The  blade  dies, 
and  1  just  pull  it  out  and  pop  in  another.” 

Humphreys  says  blade  servers, such  as  IBM’s 
eServer  BladeCenter  managed  by  IBM  Director  soft¬ 
ware,  offer  solid  hardware  performance  and  money¬ 
saving  server  management  features.“With  IBM  Di¬ 
rector,  you  have  a  streamlined  way  to  manage  any¬ 
where  from  10  to  20  servers  in  one  chassis.  Before 
you  were  doing  that  one  server  at  a  time,”  he  says. 

Space,  the  final  frontier 

Blade  servers  also  help  IT  manage  the  use  of 
space  in  data  centers,  and  troubleshooting  is  easier 
because  cable  clutter  is  reduced.“If  you’ve  got  42 
1U  boxes  in  a  rack  and  you’re  trying  to  trouble¬ 
shoot  a  hardware  problem, you’ve  got  to  trace  the 
wires  and  that  can  get  pretty  uglyf Gibbs  says. 

A  blade  chassis  offers  power  and  network  connec¬ 
tions  that  are  shared  among  all  the  blades,  eliminat¬ 
ing  the  need  for  additional  cabling.  In  traditional 
server  setups  with  hundreds  of  servers,  cables  clutter 
the  data  center,  Gibbs  says. 

On  the  other  hand,  easing  cable  management 
isn’t  a  top  blade-server  draw  for  IT  at  Devon  Energy 


Blade  servers  can  ease  management  and  optimiz 
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pace,  but  might  not  be  ready 


Brad  Whitley,  Intel  systems  supervisor  for  the  oil 
and  gas  producer  in  Oklahoma  City  says  he  keeps 
cables  neat  by  installing  ceiling  trays. 

However,  the  ability  to  reduce  the  amount  of 
equipment  by  using  blades  is  a  benefit,  he  says. 
Through  acquisitions,  the  number  of  servers  in  his 
data  center  has  doubled  every  year,  which  also 
means  double  the  number  of  keyboards,  monitors 
and  mice.That  s  extra  equipment  that  you  have  to 
keep, "Whitley  says, while  blades  automatically  have 
power,  monitor,  keyboard  and  mouse  hooked  up. 

Appro  has  optimized  its  rack  and  data  center 
space  since  deploying  HP’s  ProLiant  one-processor 
blade  servers  last  year,  says  Richard  Caronna,  senior 
consultant  and  former  vice  president  of  delivery 
services  for  the  Baton  Rouge,  La., company 

Caronna  is  putting  20  servers  in  the  same  space 
that  contained  three  HP  DL  320- 1U  servers. 

Appro’s  data  center  originally  was  designed  for 
using  the  bigger  HP  ProLiant  1600s,  with  power  to 
handle  about  210  customers,  he  says. 
“Transitioning  to  the  DL  320s  got  that  number  to 
about  350;  now  we’re  at  a  capacity  with  blade 
servers  that  we  can  push  over  600  customers  in 
our  data  center." 

Money-saving  features 

While  the  hard  cost  of  buying  a  chassis  and 
blades  to  populate  it  is  roughly  the  same  when 
compared  with  traditional  servers,  Caronna  has 
seen  savings  in  other  areas.  For  example,  with  a 
blade  chassis  there  are  two  power  supplies  that  all 
20  blades  share.  Comparable  2U  server  systems 
require  40  power  supplies,  two  for  each  server. 

Appro  avoided  spending  an  additional 
$200,000  in  not  having  to  add  a  new  uninterrupt¬ 
ible  power  supply  system. “The  power  require¬ 
ments  per  server  have  decreased  by  at  least  50% 
with  blade  servers,”  Caronna  says. 

Appro  purchased  the  gigabit  backplane  option 
with  its  HP  blade  servers.The  backplane  has  four- 
gigabit  ports  that  provide  throughput  comparable 
to  traditional  server  setups.“We  can  plug  that  up  to 
our  switches. You  end  up  with  very  similar 
throughput,”  Caronna  says.“But  at  the  same  time, 
we've  gone  from  40  wires  to  four/ 

Consolidation  of  equipment  with  blade  servers  is 
key  to  reducing  costs.  Where  the  DL  320s  required 
purchasing  the  base  system,  along  with  added 
memory  and  hard  drive, “Now  the  blade  is  a  pack¬ 
age  deal,  with  everything  we  need  on  it,”  he  says.“It 
has  more  memory  than  we  were  putting  in  the 
servers  before  and  enough  hard-drive  space.” 

Gator.com, of  Redwood  City,  Calif., saved  $24,000 
per  month  in  collocation  costs  through  its  rollout 


for  high-end  processing. 
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of  22  RLX  blade  server  systems.  Gator  uses  RLX 
800i  Intel  blades  and  RLX  657  Transmeta  blades 
for  Web  hosting,  and  Web  and  application  serv¬ 
ing,  says  Tony  Martin,  vice  president  of  engineer¬ 
ing  for  the  Internet  ad-serving  provider. The  blade 
rollout  allowed  IT  to  add  more  than  400  servers 
without  having  to  lease  a  new  cage. 

He  adds, “Rack  space  is  expensive  at 
collocation  facilities. With  2U  servers, 
we  filled  these  up  really  quicklyYou 
can  take  out  the  existing  2U  servers 
and  put  in  two  RLX  chassis  and  still 
have  three-quarters  of  a  rack  left.” 

David  Richter,  vice  president  of 
infrastructure  and  application  support  for 
Harrahs  Entertainment  in  Las  Vegas,  plans  to 
roll  out  blade  servers  this  year  to  improve 
CPU  utilization  on  its  reservations  system, 
where  call  volume  varies  greatly  “We’ll  be  able 
to  dynamically  run  applications  on  any  num¬ 
ber  of  servers  as  demand  varies  through  the 
day  With  the  old  model  you  had  to  have 
enough  boxes,  enough  horsepower  dedicated 
to  the  application  to  handle  the  peak  time. 

Most  of  the  time  you  just  have  spare  power  sit¬ 
ting  there  unused.” 

But  Richter  says  blade  servers  still  are  early 
in  their  life  cycle,  and  aren’t  ready  to  support 
high-end  applications  such  as  Harrahs’  Ex¬ 
change  server  environment,  which  has  con¬ 
sistent  large  volumes  and  24-7  access  needs. 

Madden  agrees  that  blade  servers  aren’t 
ready  today  for  heavy-duty  transaction  pro¬ 
cessing,  high-availability  applications  or  appli¬ 
cations  that  require  large  amounts  of  storage. 

Challenges  ahead 

Blade  servers  face  several  challenges 
before  they  conquer  the  data  center.  First, 
there  are  no  standards  allowing  users  to  plug  one 
vendor’s  blade  into  another’s  chassis. 

Performance  is  an  issue. “They  just  have  a  lot  to 
prove  when  it  comes  to  these  systems,  not  only  in 
terms  of  price,  but  performance,”  Madden  says. 

Initial  costs  aren’t  any  better  than  those  of  tra¬ 
ditional  servers,  although  there’s  a  case  to  be 
made  for  blades  saving  money  on  the  manage¬ 
ment  side. 

And  blades  still  have  to  prove  that  they  can 
scale  up  to  high-end  database  applications.“Data 
centers  aren’t  moving  to  an  all-blade  architecture 
any  time  soon,”  Madden  says. 

But  blade  servers  will  have  a  place,  Humphreys 
says,  and  IDC  estimates  that  20%  of  server  ship¬ 
ments  will  go  out  in  blade  form  factors  in  2006  ■ 


RLX  Technologies’  ServerBlade: 


14  chassis  fit  into  a  standard  42U  rack. 


•  24  single  processor  Pentium  III-  or 
Xeon-based  server  blades  per  chassis,  for 
a  total  of  336  servers  per  rack. 


•  Or,  optionally,  10  dual  Pentium  4  Xeon 
ServerBlades  in  a  6U  chassis  for  a  total  of 
140  servers  per  rack. 


•  Blades  share  chassis  power  supply. 


•  Each  RLX  ServerBlade  is  said  to 
require  50%  to  80%  less  power  and  gener¬ 
ate  50%  to  80%  less  heat  than  conventional 
1U  servers. 


•  Each  chassis  has  power,  network  and 
storage  connections  built  in,  reducing  cable 
requirements  by  12-to-1. 
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Exclusive  product  test  in  conjunction  with 


DEMO 

IDG  EXECUTIVE  FORUM 
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New  gateway  products  from  MailFrontier  and  Cloudmark  are 
effective  but  bypass  some  end-user  control. 


■  BY  JOEL  SNYDER  AND  JANET  TRUMBO,  NETWORK  WORLD  GLOBAL  TEST  ALLIANCE 


While  desktop-based  antispam  software  is  widely  used  to  keep  unwanted, 
unsolicited  mail  in  check,  savvy  corporate  network  managers  now  are 
pushing  the  onus  of  blocking  spam  out  to  their  mail  gateways.  By  blocking 
unwanted  e-mail  before  it  hits  the  corporate  mail  server,  these  products 
lighten  the  spam  load  on  servers, system  managers  and  end  users. 


We  tested  two  products  of  this  ilk  that  were  introduced 
at  IDG  Executive  Forums  Demo  last  week  in  Scottsdale, 
Ariz.  (see  more  show  information  at  www.nwfusion.com, 
DocFinder:4425).On  the  hot  seat  were  Cloudmark’s 
Authority  and  MailFrontier’s  Anti-Spam  Gateway  (ASG). 

We  conducted  our  tests  at  Opus  One,  a  Network  World 
Global  Test  Alliance  member  and  e-mail  and  security  con¬ 
sultancy  and  found  half  the  mail  during  our  weeklong 
test  period  was  spam  (49.5%, to  be  precise).  Both  prod¬ 
ucts  can  decrease  the  amount  of  spam  substantially. 
Depending  on  your  settings  and  product  choice,  between 
80%  and  90%  of  the  spam  coming  into  your  corporate 
servers  can  be  deflected. 

However,  based  on  our  overall  assessment  of  these 
products,  they  have  a  ways  to  go  before  they’re  ready  for 
the  typical  enterprise  deployment.  Both  take  the  decision 
of  tuning  what  is  and  is  not  spam  away  from  end  users. 
This  is  a  serious  shortcoming  because  the  inability  to 
look  through  quarantined  messages  would  be  a  major 
problem  for  any  company  that  relies  on  email  for  more 
than  casual  communications. 


MailFrontier  did  an  outstanding  job  of  picking  out 
spam  —  detecting  86%  of  the  spam  fired  at  it  over  seven 
days.  But  its  dependence  on  Exchange  and  Outlook  in 
this  first  version  of  the  product  and  the  requirement  to 
add  software  to  end  users’ systems,  as  well  as  some  holes 
in  its  whitelist  management  strategy  counteract  its  superi¬ 
or  spam  identification  algorithms. 

On  the  other  hand,  Cloudmark’s  low-overhead,  low- 
maintenance  application  looks  more  elegant,  but  has 
many  of  the  same  per-user  customization  problems  as 
MailFrontier.  Worse,  of  course,  is  the  relatively  spotty  per¬ 
formance  of  Cloudmark’s  spam  identification  algorithm 
compared  with  the  benchmark  MailFrontier  set. 

Both  companies  have  acknowledged  they  need  to  go 
further  in  letting  users  verify  and  control  their  spam,  and 
plan  to  solve  these  problems  in  the  next  release  of  their 
products. 

How  they  work 

Cloudmark’s  Authority  acts  as  a  Simple  Mail  Transfer 
Protocol  relay  that  is  inserted  in  a  message  stream 


Product:  Anti-Spam  Gateway 

Company:  MailFrontier,  www.maiifrontier.com 

This  antispam  gateway  provides  three  levels  of 
spam  identification  —  not  junk  mail.  Junk  and 
maybe  junk  —  for  ail  mail  trying  to  make  its 
way  to  a  corporate  mail  server.  Using  this 
criteria,  MailFrontier’s  ASG  put  up  some 
impressive  results  in  terms  of  blocking  spam 
and  letting  legitimate  mail  pass. 


Spam  reduction 

(Higher  is  better) 


False  positives 


( 


MailFrontier  starts  at  $15  per  year  per  mailbox,  with 
a  minimum  of  2,000  mailboxes. 


pretty  much  wherever  you  want,  as  long  as  it’s  before 
the  messages  hit  the  corporate  mail  server.  Cloudmark 
delivered  its  relay  to  us  as  a  plug-in  to  the  widely  used 
Sendmail  mail  gateway,  which  we  ran  on  Linux  7.2  on 
a  standard  Intel  platform.  For  testing  purposes,  we  put 
Cloudmark  Authority  between  our  mail  firewall  and  a 

See  Spam,  page  44 
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GIGABIT 


Managed  switches 

from  NETGEAR? 

Absolutely!  You  know  NETGEAR®  as  the  leader  in  Layer  2  Fast  Ethernet 
unmanaged  switches  for  small  business.  After  all,  we  ship  more  ports  than 
anyone  else  in  the  world.*  But  did  you  know  that  we've  launched  a  family 
of  easy-to-use  managed  switches? 

They're  available  with  everything  you  need  for  management  and  stacking: 
stacking  cable,  stacking  ports,  console  cable,  rack-mount  kit  and  gigabit 
uplink  ports.  Other  manufacturers  will  nickel  and  dime  you  for  extras.  Not 
NETGEAR  -  you  can  get  a  complete  solution  at  a  highly  competitive  price. 

Choose  our  non-blocking  FSM726S,  with  24  10/100  Mbps  auto-sensing 
front  ports,  two  front  gigabit  uplinks  and  two  rear-stacking  ports.  Or  choose 
the  FSM750S,  a  48-port  version  of  the  FSM726S. 

Want  an  all-gigabit  solution?  NETGEAR  is  a  market  leader  with  our 
unmanaged  gigabit  switches.  In  fact,  only  Cisco  has  shipped  more  Layer  2 
fixed  gigabit  ports  than  NETGEAR.*  And  now,  we  offer  the  GSM71  2,  a 
managed  solution  featuring  10  copper  gigabit  ports  and  two  GBIC  slots. 

You've  come  to  rely  on  our  unmanaged  switches  for  high  performance, 
affordability,  reliability,  and  24x7,  toll-free  support.  You  can  do  the  same 
with  our  new  family.  Give  your  network  the  NETGEAR  managed  advantage. 
For  details,  visit  www.netgear.com. 


Everybody's  connecting.™ 


*  In-Stat/MDR  3Q  2002  High-End  LAN  Switch  Market  Analysis,  December  2002. 

TGEAR 
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Oioudmark  Authority 

2a.“  Sfcudmark,  www.clcudr, vark.com/products/authority/ 

Cicudmark  Authority  scans  incoming  mail  and  rates  each  message  on  a  scale  of  0  tolOO  —  the  higher  the  score,  the  more  likely  it  is  spam.  As  an  administrator 
you  determine  what  scores  determine  junk  mail,  maybe  junk  mail  and  legitimate  mail.  In  our  tests,  depending  on  where  we  set  the  junk  mall  settings,  we 
ended  up  with  an  unacceptably  high  false-positive  rate  or  a  very  low  spam-filtering  rate. 


Junk  mail  ihreshuld  sei  at  38;  maybe 
junk  mail  threshold  between  50  and  98 


Junk  mail  threshold  set  at  80;  maybe 
junk  mail  threshold  between  50  and  80 


Junk  mail  threshold  set  at  95;  maybe 
junk  mail  threshold  between  70  and  95 


Junk  mail  threshold  set  at  98;  maybe 
junk  mail  threshold  between  80  and  98 


Spam  reduction 

{Higher  is  better) 


False  positives 

(Lower  is  better) 


Spam  reduction 

(Higher  is  better) 


False  positives 

(Lower  is  better) 


Spam  reduction 

(Higher  is  better) 


False  positives 

(Lower  is  better) 


Spam  reduction 

(Higher  is  better) 


False  positives 

(Lower  is  better) 


Cloudmark  is  $10  per  year  per  mailbox,  minimum  of  1,000  mailboxes. 


Spam 

continued  from  page  42 

mailbox  server,  but  you  wouldn’t  have  to  do  anything 
that  complicated.  Because  many  companies  use 
Sendmail  as  their  mail  firewall,  you  could  simply  add 
Cloudmark  Authority  to  an  existing  Sendmail  firewall. 

Cloudmark  Authority  is  simple  once  Sendmail  is  work- 
ing.The  configuration  is  stored  in  three  text  files  that  set 
the  policy  for  handling  spam  and  store  the  whitelist,a  list 
of  domains  or  IP  addresses  that  will  never  be  called  out 
as  spam.  A  blacklist  —  domains  or  IP  ranges  for  which 
mail  will  not  be  accepted  —  is  not  explicitly  supported 
in  Cloudmark  Authority,  but  is  built  into  Sendmail. 

As  Cloudmark  Authority  peers  at  an  incoming  mail 
stream.it  determines  a  score  from  0  to  100  for  each 
message,  with  the  higher  the  score,  the  more  likely  it  is 
spam.  Depending  on  the  score,  it  takes  one  of  five 
actions:  quarantine  the  message  locally  in  a  mailbox  on 
the  Cloudmark  Authority  server;  drop  and  delete  it 
entirely;  return  the  message  to  the  sender;  tag  the  sub¬ 
ject  line  (such  as  adding  “[SPAM]”)  and  send  it  along  to 
the  corporate  mail  server;  or,  add  a  header  tag  to  the 
message  (such  as  “X-Spam”)  and  send  it  along. 

Most  network  managers  will  block  mail  with  a  very 
high  score  (say, above  95),  and  tag  mail  that  might  be 
spam  (with  a  moderate  score,  say  between  70  and 
95).  Spam  mail  that  is  tagged,  either  in  the  subject  line 
or  as  a  separate  header,  usually  can  be  placed  in  a 
separate  folder  by  most  clients  to  help  divert  spam 
out  of  the  normal  mail  stream.  Of  course,  any  tagged 
mail  still  has  to  be  downloaded  by  the  user  and  even¬ 
tually  reviewed. 

MailFrontier’s  ASG  also  is  a  SMTP  relay  and  has  a  simi¬ 
lar  architecture,  with  a  twist.  We  installed  ASG  on  Win¬ 
dows  2000  Server,  along  with  the  included  Web-based 
graphical  user  interface  (GUI). The  difference  in  archi¬ 
tecture  sits  in  two  profilers  included  with  ASG.The  cor¬ 
porate  profiler  runs  on  a  corporate  mail  server  and 
watches  the  log  files.  As  it  sees  users  internally  sending 
messages  to  addresses  outside  the  company,  it  dynami¬ 
cally  adds  those  addresses  to  its  whitelist.This  means 
that  once  mail  is  sent  to  someone,  anything  that  person 
sends  back  will  no  longer  be  considered  spam. The  user 
profiler  software,  which  must  be  pushed  out  to  each 
client,  then  scans  the  address  book  and  the  sent  mes¬ 
sages  and  uses  that  to  preload  the  whitelist  by  sending 
them  to  the  ASG. 

ASG’s  Web  based  configuration  GUI  is  easy  to  learn 
and  use.  In  addition  to  normal  management  functions.it 
includes  a  small  report  writer  for  some  basic  statistics, 


whitelist/blacklist  management  tools  and  quarantine 
management.  ASG  has  a  fairly  limited  list  of  supported 
platforms:  the  corporate  profiler  supports  only  Microsoft 
Exchange,  and  the  user  profiler  works  only  with  full  Out¬ 
look  (not  Outlook  Express).  MailFrontier  officials  say 
they  will  expand  both  in  future  releases. 

ASG  has  three  levels  of  spam  identification:  not  junk 
mail,  junk  and  maybe  junk.  Mail  not  marked  as  spam  is 
sent  to  the  corporate  mail  server  without  change.  Junk 
and  maybe  junk  either  can  be  sent  on  untouched, 
deleted,  quarantined  on  the  ASG  server,  forwarded  to  a 
second  address,  or  sent  to  the  corporate  mail  server 
with  the  subject  line  tagged. 

The  design  of  both  products  could  be  a  major  prob¬ 
lem  in  companies  where  end  users  demand  to  see  their 
own  quarantine  files,  or  set  their  own  spam  thresholds 
and  actions.  ASG  allows  different  users  to  have  different 
actions.  For  example,  some  users  could  have  spam  filter¬ 
ing  disabled  if  they  wanted,  but  the  network  manager 
must  set  this  parameter.  With  both  products,  the  network 
manager  must  read  through  the  quarantine  files  to  iden¬ 
tify  false  positives  and  help  tune  the  whitelists.  Because 
Cloudmark  requires  1,000  users  as  a  minimum  and 
MailFrontier  requires  2,000  minimum  users,  the  quaran¬ 
tine  files  would  become  unmanageable  within  minutes 
of  installation. 

Both  companies  acknowledge  that  this  is  an  issue  and 
say  that  they  are  working  on  a  way  to  solve  these  prob¬ 
lems  in  future  releases.  MailFrontier  has  an  additional 
software  tool  for  Outlook  Express  and  Outlook  users 
called  Matador  that  lets  you  manage  your  whitelist,  but 
this  adds  yet  another  piece  (and  additional  cost)  to  the 
deployment. 

How  well  they  perform 

We  tested  both  products  by  running  a  real-time  stream 
of  real  mail  messages  through  both  products  to  see  how 
they  behaved  (see  How  we  did  it,  DocFinder:4426). 

With  3,090  messages  over  a  seven-day  period,  we  got  a 
good  pile  of  both  spam  and  nonspam  to  look  at. 

In  the  case  of  MailFrontier,  performance  was  easy  to 
gauge  because  there  are  fewer  knobs  to  twist.  MailFrontier 
did  an  excellent  job  both  in  identifying  spam,  reducing 
total  spam  by  86.1%,  and  in  letting  through  good  mes¬ 
sages,  with  a  false  positive  rate  of  l%.When  MailFrontier 
wasn’t  sure,  marking  a  message  as  maybe  junk,  only  1 10 
messages  out  of  3,090  fell  into  that  category 

Cloudmark’s  O-to-100  scale  made  gauging  perfor¬ 
mance  more  difficult.  We  tried  setting  the  thresholds  in 
a  variety  of  ways,  and  always  ended  either  with  an  un¬ 
acceptably  high  false  positive  rate  or  a  very  low  spam¬ 


filtering  rate.  For  the  purpose  of  evaluating  Cloudmark, 
we  picked  two  thresholds  between  0  and  100  and 
assigned  the  higher  one  the  equivalent  junk  label,  and 
the  lower  one  the  maybe  junk  level. 

For  example,  if  we  set  the  junk  category  for  Cloudmark 
to  be  a  score  greater  than  98,  and  the  maybe  junk  level 
to  scores  between  80  and  98,  then  the  false  positive  rate 
drops  to  a  very  acceptable  .6%,  but  the  spam  reduction 
stood  at  43.7%,  with  the  maybe  junk  category  collecting 
450  messages  out  of  3,090. 

On  the  other  hand,  if  we  set  Cloudmark’s  junk  level  to 
80,  with  maybe  junk  between  50  and  80,  then  the  false 
positive  rate  shoots  up  to  an  unacceptably  high  5.3%, 
with  a  spam  reduction  of  62.9%  and  the  maybe  junk  cat¬ 
egory  collecting  only  124  messages  out  of  3,090. 

We  also  calculated  false  negatives:  messages  that  are 
spam,  but  were  not  marked  as  such.  Although  everyone 
wants  to  reduce  false  negatives,  some  are  inevitable  in  any 
system  such  as  this.  We  thought  that  a  false  negative  rate  in 
the  range  of  10%  to  20%  would  be  acceptable,  although 
the  lower,  the  better.  MailFrontier  kept  the  false  negatives  to 
4.2%,  and  Cloudmark’s  product  had  false  negative  reading 
of  16.5%  to  18.1%  depending  on  the  settings  we  used. 

Snyder  and  Trumbo  are  senior  partners  at  Opus  One,  in 
Tucson,  Ariz.  They  can  be  reached  at  joel.  snyder@opus  1 . 
com  and  jan.trumbo@opusl.com. 


Global  Test  Alliance 

-  . 


■  Snyder  is  a  member  of  the  Network  World  Global  Test 
Alliance,  a  cooperative  of  the  premier  reviewers  in  the  net¬ 
work  industry,  each  bringing  to  bear  years  of  practical 
experience  on  every  review.  For  more  Test  Alliance  informa¬ 
tion,  including  what  it  takes  to  become  a  member,  go  to 
www.nwfusion.com/alliance. 

Other  members:  Mandy  Andress,  ArcSec;  John  Bass. 
Centennial  Networking  Labs.  North  Carolina  State  Univer¬ 
sity;  Travis  Berkley,  University  of  Kansas;  Bob  Currier, 
Duke  University;  Jeffrey  Fritz,  West  Virginia  University: 
James  Gaskin,  Gaskin  Computing  Services;  Greg  Goddard, 
University  of  Florida;  Thomas  Henderson.  ExtremeLabs; 
Miercom,  Network  consultancy  and  product  test  center; 
David  Newman.  NetworkTest;  Christine  Perey,  Perey  Re¬ 
search  &  Consulting;  Barry  Nance,  independent  consul¬ 
tant.  Thomas  Powell,  PINT. 
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Data  deluge 


Specialized  storage  systems  help  life  sciences  firms  manage  fixed  content. 


BY  SALVATORE  SALAMONE 


Storage  management  isn’t  easy  for  any  industry  but  biotech  firms  face 
some  particularly  vexing  challenges.  Research  and  diagnostic  tools  rou¬ 
tinely  generate  huge  amounts  of  data.  Complicating  matters  is  the  need 
to  store  much  of  this  data  in  a  way  that  meets  a  range  of  regulatory 
requirements.  What’s  more,  some  of  this  information  needs  to  be  kept  for 
35  years  or  more. 


“We  have  eight  mass  spectrometer  machines  that  pro¬ 
duce  60  gigabytes  of  data  per  hour,  per  machine  run¬ 
ning  around  the  clock,” says  Lloyd  Segal,  president  and 
CEO  of  Caprion  Pharmaceuticals  in  Montreal. The  com¬ 
pany  uses  a  mix  of  Sun  StorEdge  T3  disk  arrays  and 
StorEdge  L700  tape  library  systems.  The  online  stored 
data  is  kept  on  the  StorEdge  T3  systems,  which  accounts 
for  about  5  terabytes  of  capacity 

Industrywide,  biotech  companies  must  deal  with  raw 
data  that  doubles  about  every  six  to  12  months,  accord¬ 
ing  to  experts.  Much  of  this  data  never  changes.  Most 
biotech  research  and  development  experiments  gener¬ 
ate  lab  results  that,  once  produced,  are  simply  kept  on 
file  somewhere.  And  data  collected  in  drug  clinical  trials 
—  including  X-rays,  medical  history  and  patient  reac¬ 
tions  to  drugs  —  is  collected  once  and  never  modified. 

All  this  data  often  must  be  retained  for  more  than  a 
decade  if  it  is  to  be  used  as  part  of  Food  and  Drug 
Administration  new  drug  submission. This  requirement 
to  keep  data  for  such  a  long  time  is  a  storage  manage¬ 
ment  challenge. 

There  have  been  no  specific  studies  to  determine 
what  percent  of  biotech  data  does  not  change  —  so- 
called  fixed  content  data.  However,  in  general  across  all 
markets  75%  of  all  new  digital  data  is  fixed  content, 
according  to  Hal  Varian,  dean  of  the  School  of  Infor¬ 
mation  Management  and  Systems  at  the  University  of 
California,  Berkeley 

For  such  long-term  storage  “there  are  lots  of  problems 
with  tape  and  optical,"  Varian  says.  “The  [data  storage 
medium]  formats  keep  changing.  And  whenever  you 
have  a  change  in  format,  you  have  a  big 
problem  with  data  migration.  It’s  easier  to 
have  the  data  available  on  hard  drives  be¬ 
cause  migrating  becomes  a  much  smaller 
problem.” 

A  number  of  storage  vendors  recently 
have  launched  products  that  try  to  deal 
with  this  issue. 

In  December,  IBM  Storage  Systems  Group 
introduced  IBM  Total  Storage,  designed  for 
sharing,  managing  and  securing  clinical 
trial  patient  information  such  as  magnetic 
resonance  imaging,  electrocardiograms 
and  other  digital  images. The  product  bun¬ 
dle  includes  storage  hardware,  Tivoli  Stor¬ 


age  Manager  software  and  hierarchical  storage  manage¬ 
ment  software  to  manage  data  migration  from  network- 
attached  storage  and  storage-area  network  devices  to 
tape  libraries.  And  several  third-party  document  man¬ 
agement  vendors  have  built  links  to  EMC’s  Centera  stor¬ 
age  systems  to  simplify  the  way  data  is  retrieved. 

Storage  management  problems  were  one  reason  sister 
companies  Celera  Genomics  and  Applied  Biosystems 
overhauled  their  computing  and  storage  infrastructure 
last  year.  The  firms  replaced  a  100-terabyte  storage  sys¬ 
tem  from  HP  and  HP  AlphaServer  data  center  with  EMC 
Centera  systems  and  IBM  eServers. 

The  net  gain  in  processing  power  in  the  switch  from 
the  AlphaServer  to  the  IBM  eServers  was  minimal  — 
total  processing  power  increased  from  1.7  teraFLOPS 
(1.7  trillion  floating  point  operations  per  second)  to  2 
teraFLOPs.  However,  three  EMC  storage  systems  took  the 
place  of  20  HP/Compaq  StorageWorks  systems  and 
other  storage  devices. 

Within  the  company,  the  move  is  seen  as  a  continua¬ 
tion  of  an  evolving  process  to  keep  up  with  data  storage 
demands  while  keeping  management  costs  in  check. 

“We  are  trying  to  provide  high  data-throughput  relia¬ 
bility  and  migrating  to  newer  storage  technology  helps 
us  meet  this  goal,”  says  a  senior  manager  at  Celera  who 
couldn’t  let  his  name  to  be  used. “An  added  benefit  of 
moving  to  newer  technology  is  that  the  capacity  of  the 
systems  chosen  allows  us  to  reduce  the  number  of  dis¬ 
crete  storage  devices  we  need  to  manage.” 

As  a  result  of  this  trend  to  handle  the  combination  of 
longer-term  storage  and  regulatory  compliance,  biotech 
companies  are  starting  to  see  smarter  stor¬ 
age  systems,  in  general,  and  smarter  storage 
networks,  in  particular. “Advanced  functions, 
such  as  volume  management  and  storage 
virtualization,  can  be  implemented  in  the 
fabric,”  says  Dan  Tanner,  an  analyst  at 
Aberdeen  Group.  “Storage  network  buyers 
will  soon  find  themselves  evaluating  storage 
applications  and  then  considering  which 
networks  run  them.” 

That  was  the  case  for  Quantum  Diag¬ 
nostic  Imaging,  a  Dallas  company  that  pro¬ 
vides  diagnostic  imaging  tests  for  referring 
physicians.  The  firm  recently  moved  to 
PACSbuilder.a  new  digital  imaging  workflow 


application  from  Merge  eFilm. 

Merge  eFilm  bundles  its  application  with  EMC’s  Cen¬ 
tera  storage  systems.  The  imaging  application  taps  into 
EMC  Centera’s  ability  to  manage  long-term  storage  of 
fixed  content  data.  The  combination  offloads  many 
mundane  management  tasks,  such  as  keeping  track  of 
specific  locations  of  files. 

Once  the  system  stores  an  image,  Centera  gives  it  a 
unique  identifier,  which  is  all  the  application  needs  to 
know  to  retrieve  that  image. That  means  there’s  no  need 
to  keep  track  of  the  specific  drive,  directory  or  disk  vol¬ 
ume  to  which  an  image  is  saved. 

The  benefit  of  the  new  system  is  that  it  lets  radiologists 
and  physicians  more  easily  access  medical  images 


J  LIFE  SCIENCES  INDUSTRY:  AT  A  GLANCE 

->  Market  composition:  Pharmaceutical,  genomic 
research  and  biotech  companies,  as  well  as 
academic  and  government  laboratories. 

>  Size:  According  to  Ernst  &  Young,  there  are  1,457 
biotechnology  companies  in  the  U.S.The  publicly 
traded  companies  accounted  for  a  market 
capitalization  of  $224  billion  in  2002. 

j  Average  time  cost  to  develop  a  new  drug:  It 

takes  between  12  and  15  years  and  $400  million  to 
$800  million,  reportsTheTufts  Center  for  the  Study 
of  Drug  Development. 

>  Worldwide  biotech  IT  spending:  IDC  forecasts 

this  to  grow  from  $12.2  billion  in  2001  to  $30.6  billion 
in  2006. 


through  a  Web  browser. “This  system  will  help  us  main¬ 
tain  operational  efficiency  that  will  in  turn  help  us  de 
liver  better  patient  care,”  says  Doug  Schapiro,  Quan¬ 
tum’s  COO. “The  combination  of  the  [EMC  and  Merge 
eFilm  products]  will  let  us  quickly  deliver  images  to 
the  physicians.” 

Integral  to  this  trend  is  the  intimate  linking  of  storage 
systems  with  the  applications  that  generate  or  access 
the  data.  “We  are  dealing  with  data  now  that  is 
fundamentally  different  than  anything  we  were  dealing 
with  10  years  ago,”  says  Mike  Poidinger,  CEO  of  the 
Australian  Genomic  Information  Centre  at  the  Uni¬ 
versity  of  Sydney  He  and  others  note  that  because  of 
the  vast  array  of  experimental  techniques  used  in  bio¬ 
technology,  companies  need  help  from  application 
vendors  to  do  more  intelligent  searches  of  this  collec¬ 
tion  of  disparate  data  types. 

Salamone  is  senior  IT  editor  at  Bio-IT  World,  a  sister 
publication  of  Network  World.  He  can  be  reached  at 
Salvatore  Salamone@bio-itworld.  com. 


More  online! 


Learn  more  about  the 
regulatory  requirements  for 
the  biotech  industry. 
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Every  customer  is  an  investment.  But  are  you  investing  wisely? 
mySAP™  CRM,  the  only  open  and  integrated  CRM  solution,  makes  valuable 
customer  data  available  to  your  entire  organization.  In  real  time.  So  the  back 
office  knows  what  the  front  office  knows,  which  makes  it  easier  to  give 
customers  what  they  need.  A  lot  more  efficiently.  And  for  a  lot  less  money. 
Visit  sap.com  or  call  800  880  1727  to  find  out  more  about  mySAP  ( ,RM 


THE  BEST-RUN  BUSINESSES  RUN  SAP 


technology  solutions  were  exhibited  at  SUPERCOMM.* 
Be  here  for  the  important  breakthroughs. 


O  Visit  discover.supercQmm2Q03.com 
O  Register  for  FREE.  register.supercQmm2QQ3.com 
O  Sign  up  for  education.  education.supercomm2QQ3.CQm 
O  Go  to  Atlanta  in  June.  atlanta.supercomm2QQ3.com 


SUPERCOMM  is  your  chance  to  see  breaking  technologies  before  they  become  yesterday's  news.  That's  because  each  year 
SUPERCOMM  brings  the  leading  companies  in  communications  and  IT  together  in  one  time  and  place.  As  a  result,  you  have  a 
unique  opportunity  to  evaluate  fiber,  wireless,  enterprise  and  cable  solutions  from  around  the  world.  You  can  also  participate  in 
exciting  education  sessions  and  industry  demonstrations.  And  you  can  share  ideas  and  information  with  thousands  of  colleagues. 
No  wonder  the  world's  communications  professionals  rely  on  SUPERCOMM.  They  know  that  SUPERCOMM's  global  perspective  helps 
them  make  the  best  possible  choices  for  their  infrastructure.  To  be  there  for  the  next  breakthrough,  go  to  supercomm2003.com 
and  register  now  June  1-5  2003,  Atlanta  Georgia,  supercomm2003.com 
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Tackling  tough  projects 

Companies  move  from  individual  heroics  to  project  management  to  get  IT  rollouts  done. 


■  BY  SUZANNE  GASPAR 

When  Rich  Houle  joined  Northern  Trust  in 
2001,  application  development  projects 
were  dropping  on  his  infrastructure  team 
like  marbles  hitting  a  tile  floor.  Application 
teams  had  his  IT  staff  scrambling  to  meet 
requests  to  build  out  the  network  to  sup¬ 
port  their  work. 

When  the  developers  wrote  new  code  or  had  an 
application  to  launch,  theyd  need  the  database,  Unix  or 
other  infrastructure  teams  to  set  up  the  required  devel¬ 
opment,  testing  and  production  servers  and  ancillary 
equipment. 

The  application  folks  were  spending  too  much  time 
managing  the  build-out,  says  Houle, senior  vice  president 
of  worldwide  operations  and  technology  in  Chicago. 
Meanwhile,  the  infrastructure  people  couldn’t  relate  on  a 
project  level. “They  lacked  project  management  experi¬ 
ence,"  he  says. 

After  contracting  with  two  Project  Management 
Institute  (PMI)  consultants,  Houle  launched  a  project 
management  office  last  year.There’s  no  more  ‘hero 
cowboy’  pulling  it  off  at  the  last  minute,”  he  says.  Now 
the  applications  people  plan  the  work  with  one  of  the 
six  project  managers  who  coordinate,  lead  and  commu¬ 
nicate  with  all  the  infrastructure  teams. 

The  demand  for  IT  project  management  skills  has  risen 
on  the  wave  of  enterprisewide  software  rollouts  of  the 
last  few  years.  Companies  are  adding  formal  roles,  pro¬ 
grams  and  training  to  structure,  prioritize  and  manage  IT 
work  that  encompasses  business  units  and  crosses  conti¬ 
nents.  What’s  more,  certifications  such  as  PMI’s  Project 
Management  Professional  and  CompTIA  IT  Project+  are 
gaining  popularity 

IT  staffing  firm  Robert  Half  Technology  reports  a  re¬ 
cent  spike  in  demand  for  IT  professionals  with  project 
management  skills  to  lead  systems  integration  jobs  for 
Oracle,  PeopleSoft  and  other  ERP  applications.  Demand 
has  increased  30%  overall  since  2001,  and  project  man¬ 
agers  are  rated  as  seventh  on  the  list  of  hottest  IT  posi¬ 
tions  in  2003,  according  to  the  firm’s  survey  of  1,400 
CIOs.  Compensation  for  project  management  specialists 
ranges  from  $30  to  $300  an  hour,  based  on  the  level  of 
experience. 

Gopal  Kapur,  president  for  the  Center  of  Project  Man¬ 
agement,  agrees  there’s  an  acute  need  for  project  man¬ 
agement  skills  in  IT  because  of  the  complexity  of  sys¬ 
tems  integration  technologies  such  as  ERR  SAP  and 
CRM  that  require  enterprisewide  discipline. 


Based  on  preliminary  results  from  the  center’s  annual 
poll  of  national  conference  attendees,  the  percentage  of 
challenged  projects  that  have  compromised  quality, 
schedules  or  budgets  rose  to  40%  for  2002,  compared 
with  30%  in  2001.  Conversely,  the  percentage  of  failed 
projects  declined  from  30%  to  20%  in  2002,  and  the  per¬ 
centage  of  project  successes  remained  steady  at  30%. 

As  the  complexity  rises  and  projects  grow,  the  losses 
are  much  bigger.“In  1995,  we  didn’t  hear  of  companies 
filing  for  bankruptcy  or  multimillion-dollar  lawsuits  due 
to  failed  projects,”  Kapur  says. 

David  Foote,  president  and  chief  research  officer  of 
Foote  Partners, sees  a  similar  trend.  He  has  studied 
failed  IT  projects  in  which  companies  were  spending 
hundreds  of  millions  of  dollars  on  technology  that  was¬ 
n’t  working.  Now  deployments  are  forcing  IT  to  become 
more  accountable  and  outline  a  quantifiable  return  on 
investment.“Business  people  said, ‘Wait  a  minute,  some¬ 
body  has  to  pay  for  this,  and  somebody  has  to  be  in 
charge,’”  he  says. 

Project  management  provides  that  structure  to  get  IT 
done,  says  Foote,  who  estimates  the  number  of  project 
management  offices  will  double  in  the  next  four  years. 
Project  management  offices,  typically  under  the  IT  um¬ 
brella,  employ  staffers  with  experience  in  managing  a 
range  of  technology  projects. The  purpose  is  to  establish 
a  routine  way  to  set  up  the  authority  and  accountability 
to  support  multiple  complex  projects.The  process  lets 
IT  get  the  issues  out  of  the  way  upfront,  manage  and 
educate  teams  at  different  stages  of  projects,  monitor 
vital  signs  and  identify  troubled  projects  that  need 
killing  early  on  in  the  process. 

Project  management  offers  a  flexible  process  for  han¬ 
dling  sudden  changes  from  technology  vendors  and  the 
economy,  Kapur  concurs.“We’re  beginning  to  see  the 
relationship  between  good  project  management  and 
successful  projects,”  he  says. 

Northern  Trust’s  project  management  structure  lets 
Houle  more  easily  prioritize  IT  work.“In  one  discus¬ 
sion,  I  have  a  list  of  what  we  are  doing  for  every  single 
app  team.  When  things  get  nutty,  and  we  have  to  make 
priority  calls,  it’s  a  piece  of  cake,"  Houle  says. 

Project  management  always  has  been  important  at 
Harrah’s  Entertainment,  and  IT  now  is  formalizing  the 
role  of  project  management  to  keep  pace  with  business 
growth  and  development  projects. 

“When  you’re  doing  four  properties  simultaneously  in 
different  states,  there  is  one  key  person  who  is  the  lead, 
and  that  person  is  from  IT,"  says  Tim  Stanley,  CIO  at 
Harrah’s  in  Las  Vegas.  For  complex  projects,  IT  assigns 
two  or  three  project  managers  and  one  super-project 
manager  to  drive  the  entire  show. 

Harrah’s  uses  a  “playbook”  for  business  expansion  pro¬ 
jects  and  is  expanding  its  use  to  the  development 
teams. The  playbook  is  a  documented  resource  that  out- 


Premium  pay 

The  practice  of  awarding  bonus  pay  for 
project  management  certifications  as  a 
percentage  of  median  base  salary  edged  up 
since  2000  but  has  held  steady  through  2002. 


16% 


SOURCE:  FOOTE  PARTNERS'  QUARTERLY  HOT 
TECHNICAL  SKILLS  A  CERTIFICATIONS  INDEX 


Gore  competencies 


IT  workers  need  to  develop  three  skill  sets 
for  project  management:  business/techni¬ 
cal,  process  and  leadership. 


Business/technical: 

•  Knows  the  business. 

•  Thinks  critically. 


•  Initiates  action. 

•  Manages  risk. 


Process: 

•  Attention  to  details. 

•  Communicates  clearly. 


•  Structures  process. 


Leadership: 

•  Builds  the  team. 

•  Manages  complexity. 
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1  Effective  decision- 
making.  ..  • 

Builds  strategic  support.  • 

SOURCE.  FOOTE  PARTNERS 
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•  Focuses  on  results. 

r 


lines  IT’s  role  in  business  expansions,  conversions  and 
new  openings. These  guidelines  lead  IT  through  project 
management  protocols,  time  estimates  and  required 
skills  to  convert  systems,  procedures  and  processes.“We 
can  pull  together  key  teams  of  folks  from  across  the 
country,  different  functional  areas  and  map  all  of  this 
out,”  Stanley  says. 

While  Harrah’s  doesn’t  require  project  management 
certifications  of  new  hires,  IT  invests  in  training  and 
compensates  employees  through  related  performance 
objectives. “As  we  do  recruiting,  we  look  for  that  as  sort 
of  an  extra  bonus,"  Stan  ley  says.NT  professionals  need 
to  be  as  good  with  people  and  the  process  as  they  are 
with  the  technology  itself.”  ■ 
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The  Hub  of  the  Hetwork  Buy 


10/100  BaseT  Ethernet 

IP  for  HTML,  SNMP  & 
Telnet  Management 


RS-232 

Serial  Management 


Link  Port 
(daisy  chains  to) 

Expansion  Module 
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Zero  U  Power 


Power  Tower  XL 

•  Outlet  Grouping  across 
power  circuits 

•  Input  Current  Monitor 

•  New  HTML  GUI 

•  Power-up  Sequencing 

•  Zero  U  vertical  and  Rack- 
mount  horizontal  models 

•  Add  a  second  Power  Tower 
to  manage  32  power-ports 


;  *  Sentry  Power  Tower. 

Equipment  Cabinet  Solutions 


Server  Technology,  Inc  5= 

Sandhill  Drive  Reno,  Nevada  89511  USA 
eryertech.com  toll  free:  1.800.835.1515 
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Self-Paced  Computer  Training 


This  is  the  way  to  learn!" 

(Stcvmivfj 

V* 


Media-Rich  Content 


•  Challenging  Labs 

•  Comprehensive  Tests 

•  Practical  &  Proven 


NETWORK  •  ONLINE  •  CD-ROM  •  VIDEO 

Mitroreff*  •  CenpTIA*  «  Novell*  «  Clue*  •  left**  •  Adobe*  •  lioex  •  CIW# 

1.800.865.0165  *  AvailableONLYatlearnkey.com/networld  lILcarnKcy 

©  2002  leornKey,  Int.  LK082602  Source  Code  #4048 

‘limited  time  offer,  some  restrictions.  Prices  listed  ere  for  Single-Users.  Pleos#  ceil  for  Meiti-User  pricing  and  Corporate  solutions. 


W  u 

Security*  Certification  $355' 

Introductory  Offer!  Limited  Time!  ”  ' 


15  Year  Anniversary  Savings! 

mssmm mm 

Network+ 

4  Sessions 

$  265  "0  *  355 

i-Net+ 

5  Sessions 

$  315  *  «» 

Windows  XP  Professional 

6  Sessions 

$  370  *  «5 

Windows  2000  Network  Security  Design 

3  Sessions 

$  195  reg.$  265 

Cisco*  MCNS 

6  Sessions 

$  710  reg.S  945 

IntellaPatch  16- 

and  32-Port  Physical  Layer 


Switches  for  10/100/1000 
Ethernet 


You’re  losing  time  and  money  with  every  manual  cable  puiL 
The  IkttllaPatch  Physical  layer  Switch  automates  cable  puls 
and  improves  repeatability.  Each  simulation  is  just  like  the  last 

Applications  also  indude  remote  lab  configuration,  and  analyzer 
and  intrusion  detection  insertion.  InteuaPakh  switches  support 
Fibre  Channel,  Ethernet  or  ATM/SONET. 


TestDrive  Fibre  Channel 
Drive  supports  I  or  2Gb/s 
over  Fiber  Optic  or  Copper 


□  Apcon 


With  IrntUAPfltH  switches,  you  save  time  and  money,  and  avoid 
the  pitfalls  of  manual  labor  -  like  blisters. 

Call  toll-free  at  800-624-6808 
or  visit  online  at  www.apcon.com 

log  on  to  download  our  whitepaper:  Maximizing  Your  Test 


INTELLAPATCH  32-Port  Physical  Layer  Switch 
for  Fibre  Channel,  Ethernet,  or  ATM/SONET 


On-Command  Power  Switching  for  four 
Network  Equipment.**  from  Anywhere! 


Applications: 

Remote  Power  Management 
X  Servers 

X  Routers  Firewalls  DSU/CSU's 
X  Web  Cams 

Turn  On/Off  any  AC  or  -48VDC 
Powered  equipment  via  telnet, 
modem  or  local  terminal. 

Electronic  equipment  sometimes  "locks- 
up"  requiring  a  service  call  just  to  flip 
the  power  switch  to  do  a  simple  reboot. 
With  WTI  Remote  Power  Switches  you 
have  the  ability  to  perform  this  function 
from  anywhere  on  the  LAN/  WAN,  or  if 
the  network  is  down,  to  simply  dial-in 
from  a  modem  for  out-of-band  control. 


For  over  a  decade  WTI  has  been 
leading  the  way  in  Remote  Power 
Switching  technology  offering  more 
products  choices  for  small  or  large  scale 
remote  management  strategies. 

Our  switches  are  now  installed  in 
thousands  of  sites  world  wide.  Our 
customers  know  they  can  depend  on 
our  superior  quality  and  reliability  for 
their  most  mission-critical  operations. 


Yes,  we  are  customer  friendly! 

X  Two  year  warranty 
X  We  stock  for  same  day  shipment 
X  30  day  return  policy 
X  Start-up  cables  and  rack  ears  included 

Want  an  on-line  demo? 

Just  call  or  e-mail  and  you'll  see  for 
yourself  why  so  many  network 
professionals  choose  WTI. 


EIGHT  PLUG  -  DUAL  BUS 


©  Dual  15  Amp  Circuits 
©  Telnet,  lOBaseT  Ethernet 
©  RS232  Console  and  Modem  Ports 
©  User  plus  Admin  Security  Features 
©  115VAC  and  230VAC  Models 


TWO  PLUGS  -  LOW  COST 


©  Two  Addressable  Plugs 
©  Telnet,  lOBaseT  Ethernet 
©  RS232  Console  and  Modem  Ports 
©  115VAC  and  230VAC  Models 
©  Manual  on/off  Buttons 


HIGH  CURRENT  -  DUAL  BUS 


NPS-2HD 


©  Ideal  for  CISCO  6500/7500 
©  Dual  20  Amp,  115VAC  Circuits 
©  Telnet,  lOBaseT  Ethernet 
©  RS232  Console  and  Modem  Ports 


DUAL  BUS  -48VDC 


©  Dual  -48VDC,  40  Amp  Circuits 
©  Telnet,  lOBaseT  Ethernet 
©  RS232  Console  and  Modem  Ports 
©  On/Off/Reboot  Switching 


CODE  ACTIVATED  - 
EXPANDABLE 


©  Single  10  Amp  Circuits 

©  Expandable  to  10  Individually 
Switched  Plugs 

©  RS232  Control  Port 


FIVE  CIRCUIT 
-48VDC  POWER  BAR 


■S3*?" 


RPB+DC30 

©  Five  Individually 
Switched  Circuits 

©  Switch  -48VDC,  12  Amps 
each  Circuit,  30  Amps  Total 

©  Also  Available  in  115VAC 
and  230VAC  Models 


www.wti.com 


(800)  854-7226 


western  telematic  incorporated 

5  Sterling  •  Irvine  •  California  92618-2517 


Keeping  the  Net.. .Working! 


Rose  Electronics 
10707  Stancliff  Road 
Houston,  TX  77099 


USA  toll  free 
ROSE  US 
ROSE  Europe 
ROSE  Asia 


800  333  9343 
281  933  7673 
+44  (0)  1264  850574 
+617  3427  5353 


UltraLink” 


■  Connects  to  standalone  computers  or  any  KVM  switch 

■  High  quality  16-bit  video  at  up  to  1280x1024  resolution 

h  Easy  to  install,  give  it  an  IP  address  and  run  the  Viewer 
program,  no  user  license  required 

■  Encrypted  communication  produces  highly  secure  operation 

■  Scaling  and  scrolling  features  for  maximum  flexibility 


UltraLink  sets  a  new  standard  in  remote  management  of  server  room 
environments.  It  saves  you  money  by  allowing  you  to  centralize  your  IT 
resources.  Since  it  does  not  depend  upon  software  loaded  on  your 
computers,  it  deploys  easily  and  works  on  any  operating  system,  such 
as  Windows,  Linux,  Solaris,  Unix,  or  OSX. 


The  UltraLink  digitizes  the  remote  computer's  video.  It  then  scales, 
compresses,  encrypts,  and  packetizes  it  into  the  TCP/IP  protocol.  At 
your  PC  the  free  Viewer  application  receives  and  displays  the  video  and 
sends  back  keyboard  and  mouse  data.  This  process  allow  you  to  access 
remote  computers  from  anywhere. 


% 


-  ...  . 


■  Single  mouse  cursor  simplifies  user  interface 

■  See  four  servers  from  one  screen  with  quad  screen  mode 

■  Lifetime  free  flash  upgrades 


Rose  is  a  leading  manufacturer  of  switching,  extension,  and  access 
products.  As  a  KVM  industry  pioneer,  Rose  is  known  for  its  technically 
superior  and  price  competitive  products. 

Join  the  ranks  of  many  successful  companies  using  UltraLink,  call  Rose 
to  learn  more  about  KVM  Access  over  IP  as  well  as  KVM  Switches  and 
Extenders. 


WWW.ROSE.COM 


ELECTRONICS 


There  Is  A  Better  Way  To  Troubleshoot  &  Manage  Your  Network 
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Expert 

Observer 

*2895 


Observer 

Suite 

$3995 


Observer® — Quickly  identifies  network 
trouble  spots  and  costs  thousands  less  than 
expensive  hardware-based  analyzers. 
Observer  provides  metrics,  capture,  and 
trending  for  both  shared  and  switched 
environments. 

•  Full  packet  capture  and  decode  for  over 
500  protocols,  including  TCP/IP  (v4  &  v6), 
NetBIOS/NetBEUI,  XolP,  SNA,  SQL,  IPX/SPX, 
Appletalk  and  many,  many  more! 

•  Switched  mode  sees  all  ports  on  a  switch 
gathering  statistics  from  an  entire  switch  or 
capture/statistics  from  any  port(s) 

•  Long-term  network  trending  collects 
statistical  data  for  days,  weeks,  months, 
even  years 

•  Real-time  statistics  include  Top  Talkers, 
Bandwidth,  Protocol  Statistics,  and 
Efficiency  History 

•  Ethernet  (10/100/Gigabit),  Token  Ring, 
FDDI,  and  Wireless  802. 1 1 — no  need  to 
purchase  separate  tools 


•  Windows ®  98/Me/NT/2000/XP  compatible 

•  Over  4,000  frame  types  recognized 

Expert  Observer—  Identifies  problems  and 
provides  Expert  information  in  plain  English. 
Includes  all  of  the  features  of  Observer  plus 
real-time  and  post-capture  expert  event 
identification  and  analysis — new  SQL  and 
Frame  Relay  experts  add  to  the  many  other 
protocols  covered,  time  synchronization 
technology,  and  modeling  of  network  traffic. 

Observer  Suite — The  ultimate  tool  for 
the  most  demanding  power  user. 

Provides  a  full  complement  of  tools  that 
includes  all  of  the  features  of  Expert 
Observer  plus  SNMP  management,  RMON 
console/Probe  and  Web  reporting.  Includes 
one  remote  Probe. 

If  you  have  any  network  problems,  find 
out  the  cause  with  Observer,  Expert 
Observer,  or  Observer  Suite. 


Call  800-526-7919  or  visit  us  online  lor  a  full-featured  evaluation: 

www.NETWORKINSTRUMENTS.com 

US  (952)  932-9899  •  Fax  (952)  932-9545  •  UK  &  Europe  ->44  (0)  1959  569880  •  Fax  +44  (0)  1959  569881 

©2002  Network  Instruments,  LLC.  Observer,  "Network  Instruments"  and  the  “N  with  a  dot"  logo  are  registered  trademarks  of  Network  Instruments,  LLC. 
All  other  trademarks  are  property  of  their  respective  owners. 
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TheTATTO  Diamond  RAID 


Without  Sacrificing 


ATTO 


m 
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•  Unparalleled  Price  -  offering  the  lowest  cost/MB  available  today 

•  Unmatched  Capacity  -  up  to  8  TB 

•  Performance  -  reach  up  to  240  MB/sec.  sustained  throughput 

•  Connectivity  -  Fibre  Channel  and  SCSI  interfaces  for  increased  flexibility 

•  Interoperability  -  certified  with  all  leading  hardware  and  software  vendors 

•  Ease  of  Integration  -  plug  &  play  with  auto-configuration  gets  you  up  and 
running  quickly 


71 6.691 .1099 
attoteGh.com/nwwd 


Power  Behind  the  Storage 

RAID  storage  arrays  •  Fibre  Channel  bridges  •  IP  bridges 
•  SCSI  and  Fibre  Channel  host  adapters 
Fibre  Channel  hubs  •  SAN  connectivity  software 


ATTO  Technology,  Inc. 


Network 


Tel:  877-373-2700 
www.ims-4000.com 


Buy  •  Sell  •  Lease  •  Repair  •  New  •  Refurbished  •  Used 

www.wdpi.com  •  877.231.2451  •  cisco@wdpi.com 

i2i  Cheshire  Lane,  Minnetonka,  MN  55305  U.S.A. 
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♦  included 


products 


$999  per 


Phonetics,  Inc. 
901  Tryens  Road 
Aston,  PA  19014 


The  Smart  Choice  for 
Text  Retrieval  since  1991 


Text  Retrieval 
Engine 

♦  from  S999 


V  Routers 
Switches 
Hubs 

Voice  Over  IP 

Memory 

Security 

Interface  Modules 
Port  Adapters 
Wireless 


Cisco  Router 
and  Switch  Poster 
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World  Data  Products  introduces  its  new  Cisco 
Router  and  Switch  poster.  It  provides  at-a-glance 
information  on  model  capacities,  interface  cards 
and  available  features. 

The  Cisco  Poster  is  a 
valuable  tool  for 
network  planning. 

Call  877.231.2451  or 
visit  www.wdpi.com 
to  request  your 
FREE  Cisco  Router 
and  Switch  poster. 


dtSearch 


Instantly  Search 
Gigabytes  of  Text 


♦  Search  across  networks,  intranets,  and  web  sites 

♦  Publish  large  document  collections  to  web  or  CD/DVD 


"Superb ...  a  multitude 
of  high-end  features" 

—PC  Magazine 

"Very  powerful ...  a  staggering 
number  of  ways  to  search" 
—Windows  Magazine 

"Tremendously  powerful  and 
capable"  —Visual  Developer 


"Intuitive  and  austere ...  a 
superb  search  tool"  —PC  World 

"A  powerful  text  mining 
engine ...  effective  because 
of  the  level  of  intelligence 
it  displays"  -PC  Al 

"Searches  at  blazing  speeds' 
—Computer  Reseller  News 
Test  Center 


In  the  past  year  alone,  over 
half  of  the  current  Fortune  10 
have  purchased  developer  or 
network  licenses. 


Features: 

♦over  two  dozen  indexed,  unindexed, 
fielded  and  full-text  search  options 

♦highlights  hits  in  HTML  and  PDF 
while  displaying  embedded 
links,  formatting 
and  ffiiElfEEl 

♦converts  other  file 
types— word 
processor,  database, 
spreadsheet,  email,  ZIP, 

XML,  Unicode,  etc.— to 
HTML  for  display  with 
highlighted  hits 

♦  developer  products  have  easy 
wizard-based  setup;  optional  API 

See  www.dtsearch.com  for: 

♦  developer  case  studies 

♦  fully-functional  evaluations 

1-800-IT-FINDS 

sales@dtsearch.com 
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Internal 

UPS 


BE  NOTIFIED  BEFORE  CRITICAL  EVENTS  TURN  INTO  DISASTER! 


Microphone 

for  Sound 
Monitoring 


Monitors 

64 

IP  addresses 


Embedded 

Web 

Server 


Sends 

E-Mail 


Power 

Outage 


Ethernet 

Port 


Internal  Voice, 
Modem 
&  Pager  Port 


8  RJ-45  Sensor  inputs 

(Temperature,  Humidity, 
Water,  Motion,  Power, 
Smoke/Fire) 


The  Sensaphone  IMS-4000  Infrastructure 
Monitoring  System  monitors  critical  environ¬ 
mental  and  network  elements  in  your  server 
room,  data  center,  or  telecomm  installation  and 
reports  to  you  instantly  when  events  threaten 
your  infrastructure.  The  IMS-4000  keeps  watch 
so  you  don't  have  to.  See  these  features  and 
more  on  the  web  at  www.ims-4000.com 


Sends 

SNMP 

Messages 


Power 

Control 

Interface 


•  Eight  environment  inputs 

•  Power  sensing 

•  Monitors  64  IP  addresses 

•  Send  alerts  to  64  people 

•  8  methods  of  contact 

•  Calendar  scheduling 

•  Expands  to  256  sensors 

•  Remote  power  control 

•  Optional  camera 
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y  Contact  these  companies  today  to  help  you  with  your  training  needs! 

1  Measurellp 

1 1  Transcender 

1  (678)  356-5000 

■  (615)  726-8779  ‘ 

I  www.measureup.com 

j  1  www.transcender.com 

I  Certification  Practice 

5 1  Award-winning  practice  exams  ! 

[Tests _ 

j  1  for  IT  certification 

I WKMN  Training 

]  I CBT  Nuggets,  Inc* 

1  (415)  586-1713 

j  (541)  284-5522  ! 

1  www.wkmn.com/wireless 

j  1  www.cbtnuggets.com 

1  Comprehensive  introduction  to 

1  wireless  networking. 

I  IT  Certification  Videos  j 

Learnkey  Inc*  ^ 

(800)  865-0165 
I  www.leamkey.com 
Self-paced  online  CD  network 
certification  developer  bus/apps 
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NetS mart  Learning  Partner 


Firewall 


Experience  Counts.  Since  1 994  GTA  has  been 
building  solid,  dependable  firewall  systems.  For 
the  past  8  years  our  line  of  firewall  products 
have  met  the  demands  of  small  to  medium  >> >v 
businesses  worldwide.  All  GTA  firewall  o»odu<: : 
carry  the  ICSA  4.0  Corporate  Firewall  Ce: 

To  learn  more  about  oui  family  of  ftrew.-ns 
our  website  or  contact  a  GTA  channel  parti ; 


Technology 


Associates,  Inc. N 

775-4GTA  •  www.gta.com  •  info@gta.com 


The  Hub  of  the  Hetwork  Buy 


order  now:  310-416-1200 

or  visit 

www.ContiComp.com 

We  Specialize  In... 


Make  the  Smart  Choice, 
Trust  the  Experts 


Cisco  Systems 


Jftntlnenui  KIHHR 


COMPUTERS 


Slte»19t4 


Authorized 
Reseller 

These  1090a  are  a  trademark  of  their  respective  companies  and  services 


COMPLETE 

Catse  Kit 

BACH  KIT  INCLUDES: 


i-ioooft  Box  of  Catse  Cable 
100-RJ-45  Connectors 
i-Crimper  Tool 
i-Cable  Tester 


•  In  Stock  &  Ready  to  Ship 

•  No  Freight  Upcharges 

•  No  Handling  Fees 

•  l  Year  Warranty 

•  $100  minimum  order 


760-639-4500  www.evertek.com 


Tel:  408.727.1122 
Fax:  408.727.8002 

343  1  DE  LA  CRUZ  BLVD. 
WWW.RECURRENT.COM 


EeCfE^R^t 

technologies,  inc. 
SANTA  CLARA,  CA  95054 
INFQ@RECURRENT.CCM 


toll  free  800  879  8795 
ph:  + 1  402  575  3000 
fax: +1  402575  2011 


OptimumDatalnc. 

www.optimumdata.com 


Cisco  •  Paradyne  •  ADTRAN  •  Sun  •  Extreme  Networks 


WRCA.NET 

NEW  <<cj3£l£r  USED 


AUTHORIZED  RESELLER 
Access/Routers/Switches 
Cisco  Livingston  Ascend 
3Com  US  Robotics  Kentrox 
Adtran  BayNetworks  Xyplex 
Computone  Digital  Link 
Modems  /  DSU  /  Muxes 
IBM  UDS  Codex  Hayes  GDC 
Micom  Microcom  Paradyne 
ATT  MultiTech  Penril 
Racal  Telebit  Zoom 

WE  BUY  AND  SELL 
www.wrca.net 
800-699-9722 


NEW-USED 
WE  BUY-WE  SELL 


caBLerRon 


SYSTems 


Cisco  Systems 


NEW  RITTAL  19"  CABINETS 
72/24/34  w/DOORS/SIDES  S650 
78/24/34  w/DOORS  S 500 
78/24/34  w/DOORS/SIDES  S650 


ERGONOMIC  ENTERPRISES,  Inc 
47  WERMAN  CT. 
PLAINVIEW  NY  11803 
1-877-4LAN-WAN  (452-6926) 
Inti:  001-516-293-5200 
fx  516-293-5325 
www.4lanwan.com 

rich@4lanwan.com 
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You've 
Got  Mail! 

Security  Problems? 


y 


SFCUREMATICS' 


Call  1-888-746-6700 


SONIQVALL 

Authorized  Distributor 


www.securematics.com 


systems/Features/Memory 

CISEO 

EOUIBMENT 


Also  Available:  Wellfleet,  Bay,  Fore, 
Xylogics,  Livingston,  &  Ascend 


in  Stock  •  Fast  Delivery  •  No  Expedite  Charges 


COMSTAR,  INC. 

The  #1  Network  Remarketer 

952*835*5502 

Fax  952*835»1927  E-Mail:sales@comstarinc.com 


CISCO  NORTEL 

NEW  •  REFURB  /  BUY  •  SELL 


4£S^ 

Truckload 

CncoSuTiiis  M 

HCRTEL 

NETWORKS  Vld  ■ 

J|  C<M<^  #  Bay  Networks_ 
Fax  Equipment  List  To  801-377-0078 


888-8LANWAN 

Call  for  Free  Quote!  (888-852*6926)  www.nle.com 


Jcbmponents; 

— — — *  INITWORK  HARDWARI 


IT  Hardware  for  Less 


New  Overstock 

Open  Box 
Pre-Owned 
Discontinued 

WE  BUY  USED  CISCO 
&  SURPLUS  EQUIPMENT 

MBE  Certified  •  Woman  Owned 

1 1904  South  La  Cienega  Btvd,  Hawthorne,  CA  90250 
Tel  310  643.6021  •  Fax  310  643.6041  •  www.jecom.com 


r  SERVER  ROOM 

Temperature  ^ 
Sensors 


Multiple  Models  Including: 


THL-100 

(Battery  powered) 

THL-100  AC/DC 

(Continuous  monitoring) 

THL-100  AC/ DC  Plus 

(Email  alarms) 


►  Records  Temperature,  Humidity  &  Light 

►  Time  Stamped  Data  for  Detailed  Analysis 

►  Windows-based  SmartSensor  Software 
•  Data  or  graphical  view 

•Easily  exports  to  common  spreadsheet 
software 


Toll  Free  1-866-442-7767 
www.smartronix.com/products 


We  Buy  &  Sell 

USED 

CISCO 

Juniper 

Extreme 

800.451.3407 

Since  1985 

50-90%  Savings 
Fully  Guaranteed 
Overnight  Delivery 

networkhardware.com 


iruiivii 

See  the  entire  Generation 
3.0  collection  at: 

BRETTS 

Luggage.  Leather  gtxxls.  Gifts 
Pens.  Clocks. 
Lighters.  Games 

www.suitcase.com 


© 


careers.com 


IT  CAREERS 


Oracle  Application  Developer 
needed  w/exp  to  implement  & 
customize  Oracle  Applica¬ 
tions  (ERP)  including  Oracle 
HRMS,  Financials,  Accounts 
Payables,  Accounts  Rec¬ 
eivables.  Development  &  con¬ 
version  of  Unix  based  Paybill 
Application  using  APPGEN  to 
Oracle  HRMS.  Integrate  w/the 
ERP  implementation  using 
Oracle,  PL/SQL  &  Developer 
2000.  Send  resume  to:  Vedior 
North  America  LLC,  60 
Harvard  Mills  Square, 
Wakefield,  MA  01880. 


NEED  TO  HIRE? 
START  WITH  US! 


iTcareers  and  ITcareers.com 
reach  more  than  2/3  of  all  US 
IT  workers  every  week.  If 
you  need  to  hire  top  talent, 
start  by  hiring  us. 

Call  your  ITcareers  Sales 
Representative  or  Nancy 
Percival  at 
1-800-762-2977. 

ITcareers 

where  the  best  get  better 


Programmer  Analyst:  Develops 
and  modifies  programs  to  facil¬ 
itate  the  internet  and  extranet 
web  based  transfer  of,  and 
access  to,  organizational  busi¬ 
ness  data  in  the  insurance  and 
health  care  industries  Must 
have  M.S.  in  Computer  Sci¬ 
ence  and  one  year's  experi¬ 
ence  in  job  offered.  Send  res¬ 
ume,  to  Paradigm  Technology 
Solutions,  Inc.  7332  Inter¬ 
national  Drive,  Orlando,  FI 
32819,  attn:  K.  Shah. 


Prog/Analysts  to  analyze, 
design,  test  datawarehousing/ 
datamart,  software  applns  and 
ETL  using  tools  like  Informatica, 
Cognos,  Oracle,  MS  SQL 
Server,  CICS,  DB2,  HTML, 
Java,  C++  on  UNIX,  Windows 
Os;  gather,  document  reqs  from 
user  community;  test,  trou¬ 
bleshoot  project  appln  code 
accor.  to  system  objectives. 
Require:  BS  or  foreign  equiv. 
with  Cone,  in  CS  /  Engg.  (any 
branchj/related  field  &  2  yrs  exp 
in  IT.  Competitive  salary.  F/T 
position.  Travel  Required. 
Resume  to  HR,  Smartsoft 
International,  Inc.,  4898,  South 
Old  Peachtree  Rd,  Norcross, 
GA  30071 


ITcareers.com  is 


the  place  where  your  fellow  readers 
are  getting  a  jump 
on  even  more  of 

the  world's  best  jobs. 

Stop  in  a  visit. 

See  for  yourself. 


IT)Em233 


Programmer/Analysts  needed  at 
client  sites  w/exp  dvlpg  Main¬ 
frame,  Internet  applies  &/ or 
Datawarehousing  using  one  or 
more  of  foil  tools  such  as  DB2, 
SQL,  IMS,  JCL,  SPUFI, 
COBOL,  Oracle,  PL/SQL,  Dvlpr 
2000,  Unix,  Java,  JSP, 
WebLogic,  Servlets,  Applets, 
JavaScript.  JDBC,  HTML,  XML, 
Peri,  Brio,  Crystal  Reports.  Bus 
Objects,  Informatica,  LDAP  &/or 
VB.  Send  resume  to:  S. 
Ajjarapu,  HR/PA,  Global 
Information  Tech,  15310 
Amberly  Dr  #165,  Tampa,  FL 
33647. 


Seeking  qualified  applicants  for  the 
following  positions  in  Orlando,  FL: 
Senior  Programmer  Analyst.  Form¬ 
ulate/define  functional  require¬ 
ments  and  documentation  based 
on  accepted  user  criteria.  Require¬ 
ments:  Bachelor's  degree’  in  com¬ 
puter  science,  MIS,  engineering, 
math  or  related  field  plus  5  years  of 
experience  in  systems/applications 
development.  Experience  with  Unix 
(Sun  Solaris),  C++  and  RDBMS 
also  required.  ’Master's  degree  in 
appropriate  field  will  offset  2  years 
of  general  experience.  Submit 
resumes  to  Sibi  George,  FedEx 
Corporate  Services.  1900  Summit 
Tower  Blvd.,  Suite  1400,  Orlando, 
FL  32810.  EOE  M/F/D/V. 


Sr.  Software  Developer  for  chal¬ 
lenging  eSales  and  Al  projects. 
Design  software  solutions  using 
Java,  C++,  Oracle,  MSSQL, 
HTML,  JavaScript,  &  XML.  Imple¬ 
ment  software  systems  &  relation¬ 
al  database  schemas  in  a  client/ 
server  environment  utilizing  Win¬ 
dows  NT/  UNIX  severs  over  LAN 
and  Internet.  Perform  3-tier  client/ 
server  application  development. 
Structured  analysis  &  design  using 
Rational  Unified  Process.  MS  in 
Computer  Science  or  equivalent  + 
1  yr.  exp.  in  software  design, 
development  and  implementation. 
Apply  to  Core  Concept,  Inc.,  1050 
Crown  Pointe  Parkway,  Suite 
1460,  Atlanta.  GA  30338  with  proof 
of  permanent  work  authorization. 


Systems  Analysts  to  analyze, 
design  appls  using  Cobol/400, 
RPG/400,  OS/400,  Java,  JDBC. 
IBM  Websphere  under 
Windows,  AS/400  envir;  respon¬ 
sible  for  project  planning, 
time/cost  schedules,  quality  of 
deliverables;  study  and  evaluate 
new  technologies/methodolo¬ 
gies;  provide  technical/business 
guidance  for  complex  user  prob¬ 
lems;  Require:  M.S.  or  foreign 
equiv  with  cone,  in  CS/Engg(any 
branchj/Business  Admin.  High 
Salary.  F/T.  Travel  involved. 
Resume  to:  HR,  Salem 
Associates,  Inc.,  405,  6th  Ave., 
Ste  102,  Des  Moines,  IA  50309. 


F/T  Computer  Support  Specialist. 
Responsible  for  scoping,  plan¬ 
ning,  implementing  legacy  appli¬ 
cation  extension  projects  and 
training  customer  personnel  in 
tool  use.  100%  travel.  Requires  in- 
depth  knowledge  of  J  Walk,  GUI/ 
400,  WinJa  and  I  I  I.  Requires  3 
yrs.  of  exp.  Work  background 
must  include  providing  technical 
support  services  to  software 
and/or  network  end  users  and 
supporting  J  Walk,  GUI/400  &  I  I  I 
customers  across  a  variety  of 
industries.  Salary:  Competitive. 
Send  resume  to:  HR  -  Ref:  TS, 
SEAGULL,  3340  Peachtree  Rd, 
Atlanta,  GA  30326.  Reference  this 
ad.  No  phone  calls  please. 


Prog/Analysts  to  analyze, 
design,  develop,  appls  using 
Java,  C++/C,  COBOL,  JSP, 
Servlets,  HTML,  XML,  VB. 
VBScript,  Jscript,  Jbuilder, 
Oracle,  SQL,  Sybase,  etc.  on 
UNIX,  Windows  OS;  conduct 
feasibility  study;  perform 
unit/integration  testing,  perfor¬ 
mance  tuning,  query  optimiza¬ 
tion;  provide  documentation  & 
debugging.  Require:  BS  or  for¬ 
eign  equiv  in  CS/Engg.  (any 
branch)  &  2  yrs  of  exp.  High 
salary,  F/T.  Travel  involved. 
Resumes  to  Compsoft 
Technology  Solutions  Group, 
Inc.,  11  N  Roselle  Road, 
Schaumburg,  IL  60194. 


Systems  Admins  to  plan,  imple¬ 
ment,  maintain  and  troubleshoot 
LAN/WAN  installations;  install, 
maintain,  administer  IIS  Web 
Servers,  SQL  Server,  Windows, 
UNIX,  LINUX;  design,  develop 
systems  for  transmission  of 
voice/image  data  within  multiple 
network  environments;  install, 
upgrade  network  computer 
hardware/software.  Require: 
B.S.  or  foreign  equiv  in 
CS/Engg.  (any  branch)  with  2 
yrs  exp  in  sys.  administration. 
High  salary.  F/T  position.  Travel 
involved.  Resumes  to:  HR,  ACT, 
3355  Breckinridge  Blvd.  Suite 
128,  Duluth  GA  30096 


Web  Dev/Programmer. 
Program  courses,  create 
internet/intranet/LAN  prod¬ 
ucts.  AA  in  Comp.  Sci., 
Systems  Engr,  related  field 
plus  3  yrs  in  job  offered  or  as 
Systems  Analyst  or  similar 
duties.  3  yrs  exp.  w/cold 
fusion  plus  2  yrs  exp. 
w/SPECTRA,  SCORM,  AICC, 
SQL  Server,  JavaScript, 
HTML,  NT  environ.  Contact 
Robin  Salsberry,  4600 
Westown  Pkwy,  #301,  WDM, 
IA  50266. 


Synova  Inc  is  seeking  profes¬ 
sionals  with  following  skills: 
Programmer/System  Analysts, 
Engineers  in  Mainframe.  Web 
Tech,  Technical/functional  (SAP 
&  Peoplesoft),  Java,  Rational/ 
RUP,  UML,  J2EE,  Unix  DBA. 
Oracle,  SQL  DBAs.  Respond  to 
ads@synovainc.com 

Programmers/System  Analysts 
wanted  by  GalaxyPlus,  leader  in 
tech  products  to  credit  unions. 
Qualified  candidates  must  have 
BS.  Exp  of  XML,  VB,  ASP,  C#, 
SQL,  IBM  AIX,  Socket/TCP, 
C++,  DG  SQL.  DHTML  is  plus. 
Apply  at  GalaxyPlus  at  5600 
Crooks  Rd.  Troy,  Ml  48098, 
EOE. 


Computer  Security  Coordinator. 
8a-5p.  40  hrs/wk.  Plan,  dvlp, 
implmt  &  co-ordinate  systms 
security  features  for  wireless 
applies  using  comp  systms 
security,  network  mgmt,  network 
security,  user  interface  dsgn  & 
distributed  computing  skills. 
Masters  or  equiv  in  Comp  Sci, 
Information  Systms,  Electrical, 
Electronics  or  related  field  of 
Engg.  In  lieu  of  Masters,  Bach  in 
specified  majors  &  5  yrs  of  pro¬ 
gressive  work  exp  as 
Systems/Prgmr  Analyst  or 
Systms/Network  Admin  using 
above  skills  accepted.  Resume: 
Air2Web,  Inc.,  Promenade  II, 
1230  Peachtree  St.,  12th  Fl„ 
Atlanta,  GA  30309. 


Systems  Analyst  (New  York. 
NY):  Design/implement  enter¬ 
prise  wide  network  monitoring 
solution;  maintain  system/net¬ 
work  performance  baselines; 
create  conformity  standardiza¬ 
tion  of  data  center  equip;  main¬ 
tain  systems  to  protect  against 
known  security  concerns;  trou¬ 
bleshoot  Global  network  con¬ 
nectivity  &  design  secure  infra¬ 
structure;  configure  &  maintain 
multi-site  help  desk  application; 
analyze  current  environments  to 
forecast  future  capacity  needs; 
conduct  training  sessions 
amongst  l/T  members  to  trans¬ 
fer  knowledge.  Bachelor's  or 
equiv.  in  comp,  sci.,  comp, 
engin.  or  comp,  information  sys¬ 
tems  or  applications  plus  one 
year  exp.  in  job  offered. 
Experience  must  include  design 
&  configuration  of  enterprise 
wide  monitoring  solutions  and 
network  infrastructure  as  well  as 
building,  upgrading,  and  main¬ 
taining  multi-site  exchange  envi¬ 
ronments.  Send  resume  to: 
Human  Resources, 

Weightwatchers.com,  Inc,  888 
Seventh  Ave.,  8th  FI.,  NY,  NY 
10106. 


Engineering  Manager.  Analyze  and 
define  technical  requirements/soft¬ 
ware  specifications  based  on  busi¬ 
ness  requirements  from  Product/ 
Marketing  group;  work  with  engi¬ 
neering  teams  to  build  and  manage 
the  project  plan  for  development 
and  productization  of  requirements; 
provide  a  comprehensive  view  to 
management  on  status  of  product 
development  and  their  milestones; 
and  provide  project  management 
for  associated  activities  such  as 
new  feed/content  integration.  Must 
have  Bachelor's  degree  in  Com¬ 
puter  Science,  Engineering  or 
equivalent,  two  years  experience; 
including  one  year  experience  in 
database  design  and  project  man¬ 
agement.  Must  have  knowledge  of 
Software  Engineering  models 
including  Waterfall.  Iterative  and 
Evolutionary;  ISO  9001;  Object 
Oriented  design  and  implementa¬ 
tion;  and  internet  based  application 
development  on  Windows  and 
Linux,  40  hrs/wk.  $76.000/yr.  Must 
have  proof  of  legal  authority  to  work 
in  the  United  States.  Send  your 
resume  to  Iowa  Workforce  Center, 
1700  South  Is*  Ave.,  Suite  11B, 
Iowa  City,  Iowa  52244-2390. 
Please  refer  to  Job  Order 
IA1101697.  Employer  paid  adver¬ 
tisement. 


Programmer/Analyst  /  Software 
Art  Corp.,  a  software-consulting 
firm,  requires  software  profes¬ 
sionals  with  demonstrated 
hands-on  experience  in  the  fol¬ 
lowing:  Unix  System  Admins 
Sun/HP  Client  Server:  MS  VB 
.NET,  ASP  .NET  C#/C++/Oracle 
PL/SQL/Sybase/Windows/Unix  I 
nternet  Computing:  JAVA / 
CORBA/XML,  JAVA  Websphere/ 
Weblogic  OOPQA  Testers: 
Manual/Automated,  JD  Ed¬ 
wards,  SAS  Programmers, 
Technical  Recruiter  local  to  NJ. 
Send  resume  to: 
nickv@softwarea  rt.com 


S/W  Engineers  to  lead  teams  to 
analyze,  design,  develop  S/W 
appls  using  SAP  R/3,  ABAP/4, 
Java,  JScript,  JDBC,  MS 
Access,  Oracle,  Weblogic,  Java 
Web  server,  etc.  on  Windows, 
UNIX,  LINUX  envir;  develop 
interfaces,  conversions,  reports 
and  forms  using  ABAP  for  SAP 
implementation;  evaluate,  train 
users/members.  Require:  M.S. 
in  CS/Engg(any  branch)  with  3 
yrs  of  exp  or  BS  or  foreign  equiv. 
in  any  of  the  above  field  with  5 
yrs  of  relevant  progressive  exp. 
High  salary.  Travel  involved.  F/t. 
Resume  to:  HR.  Bahwan 
Cybertek  Technologies,  Inc., 
209  West  Central  Street,  Ste 
312,  Natick,  MA  01760. 


Boehringer  Ingelheim  Pharma¬ 
ceuticals,  Inc.  has  an  immediate 
opening  in  its  Ridgefield. 
Connecticut  facility  for  the  posi¬ 
tion  of  Principle  Systems 
Engineer. 

Provide  leadership  and  exper¬ 
tise  in  support  of  all  application 
development  efforts  for  purchas¬ 
ing;  analyze,  design,  develop, 
maintain  and  support  Ariba 
Purchasing  system  and  Ariba 
Buyer  eProcurement  application 
and  make  technical  and  func¬ 
tional  configuration  changes  and 
customizations. 

Must  possess  a  Master's  degree 
or  its  equivalent  in  Computer 
Science.  Computer  Engineering 
or  a  related  field  and  relevant 
experience  with  e-procurement 
applications,  Ariba  Buyer 
(ORMS,  7. 0.4/7. 0.6),  TIBCO, 
AML,  AQL  and  XML  and  cus¬ 
tomizing/creating  Ariba-SAP, 
Ariba-CSV  and  Ariba-Oracle 
interfaces  for  successful  imple¬ 
mentation  of  Custom  E-forms. 

Resume  and/or  cover  letter 
must  reflect  each  requirement 
above  and  specify  reference 
code  AD-GCD/GC1602  or  it  will 
be  rejected. 

Forward  resume  to:  Bl  Staffing 
Center,  PO  Box  534,  Waltham. 
MA  02454.  Fax  number:  (781) 
663-2431.  Email: 
BIPI@BI-careers.com 


Technical  Support  Specialist:  40  hr 
per  wk  8a.m. -5p.m.  $24.01  per  hr. 
No  OT  Provides  technical  support, 
makes  recommendations  for  im¬ 
provements  in  computer  system, 
reviews  &  tests  programs,  modifies, 
tests.  &  corrects  existing  programs, 
Evaluates  &  tests  software  Enters 
commands  into  &  tests  computer 
systems,  prioritizes  importance  of 
components  &  writes  recommenda¬ 
tions.  Trains  others  in  use  of  hard¬ 
ware.  Writes  project  reports  &  doc¬ 
umentation  for  new  hardware. 
Creates,  develops,  &  modifies 
internet  web  pages.  2  yrs  exp.  n/w 
suburbs.  Applicants  must  show 
proof  of  legal  authority  to  work  in 
the  U.S.  Send  resume  to  Illinois 
Department  of  Employment  Securi¬ 
ty,  401  S.  State  St.  -  7  North, 
Chicago,  IL  60605,  Att.  Joanne 
Breaux,  Ref.  #  34049  An  employer 
paid  ad.  NO  CALLS  -  SEND  2 
COPIES  OF  BOTH  RESUME  & 
COVER  LETTER. 


Software  Engineers 

Job#1)  Lead  development/Pro- 
gramming  in  Oracle  Applica¬ 
tions.  Customize,  Convert, 
Map,  Interface  Oracle  Apps  & 
SAP/Legacy  Systems.  Provide 
End-Use  Training 

Job#2)  Design,  dvlp,  implmt  & 
support  multi-tier  WWW  appli¬ 
cations  using  MS  SQL  Server, 
COM,  MTS,  IlS.Interdev  & 
Delphi. 

2  Years  experience  on  the  job 
with  a  BS  in  Engg/Science/ 
Math  or  equivalent.  $89K.  To. 
Shiva  Systems  705  Mermaid  Dr 
308  Deerfield  Bch  FL  33441. 


Seeking  qualified  applicants  for  the 
following  positions  in  Memphis/ 
Collierville,  TN:  Senior  Programmer 
Analyst  Formulate/define  function¬ 
al  requirements  and  documentation 
based  on  accepted  user  criteria. 
Requirements:  Bachelor's  degree" 
in  computer  science,  MIS,  engi¬ 
neering  or  related  field  plus  5  years 
of  experience  in  systems/applica- 
tions  development.  Experience  with 
ClearBasic  programming  also 
required.  ’Master's  degree  In 
appropriate  field  will  offset  2  years 
of  general  experience  Submit 
resumes  to  Sibi  George,  FedEx 
Corporate  Services,  1900  Summit 
Tower  Blvd.,  Suite  1400,  Orlando. 
FL  32810.  EOE  M/F/O/V 
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INFORMATION  SECURITY 


Chief  Information  Systems  Security  Officer 

The  Congressional  Research  Service  (CRS)  seeks  a  senior  Information  Technology 
Specialist  to  serve  as  its  Chief  Information  Systems  Security  Officer.  The  incumbent  will 
lead  the  implementation  of  all  CRS  security  programs  and  will  ensure  that  those  programs 
ore  integrated  with  the  information  security  programs  of  the  Library  of  Congress  and  the 
United  States  Congress. 

The  specialist  will  develop  and  ensure  compliance  with  information  security  policies, 
standards,  and  guidelines,  and  provide  regular  IT  security  training  to  CRS  managers  and 
staff.  The  specialist  will  also  be  responsible  for  evaluating  and  monitoring  the  work  of  IT 
security  vendors  and  contractors,  and  providing  expert  analysis  and  advice  on  a  wide  range 
of  issues  and  problems  related  to  information  systems  security. 

Position  is  being  offered  at  the  GS-15  level  ($94,91  4-$l  23,388). 

To  apply  online  (preferred),  visit  www.loc.gov/crsinfo  or  call  202/707-5627  to  request  an 
applicant  job  kit.  Please  refer  to  vacancy  #030022  in  all  correspondence.  Applications 
must  be  received  by  March  5,  2003.  As  the  public  policy  research  arm  of  the  U.S. 
Congress,  CRS  is  fully  committed  to  workforce  diversity. 


Congressional 

Research 

Service 


IT  Professionals 

Manager 

Responsible  for  tax  and  revenue 
system  development  including 
application  design,  development 
and  implementation.  Responsible 
for  the  return  processing  subsys¬ 
tem  of  a  large-scale  customized 
integrated  tax  system  that  per¬ 
forms  processing,  audit,  collection 
and  discovery  functionalities.  Lead 
Joint  Application  Design  (JAD) 
sessions  with  groups  of  users  and 
compile  system  requirements  for 
the  return  processing  area.  Re¬ 
sponsible  for  every  deliverable  of 
the  full  life  cycle  from  inception  to 
completion.  Work  with  users  to 
design  and  implement  the  require¬ 
ments  that  incorporate  configura¬ 
bility  and  high  performance.  Re¬ 
sponsible  for  consolidating  return 
edits  and  performing  cross  tax 
types  edits.  Supervise  every 
aspect  of  the  design,  development 
and  testing  of  the  applications  and 
manage  functional  and  technical 
staff  Responsibilities  include  inte¬ 
grating  multiple  tax  types  and 
departments  such  as  processing, 
audit,  and  collection  as  well  as 
conducting  design  and  code 
reviews  and  presenting  each  deliv¬ 
erable  to  the  users.  Utilize  HTML, 
Websphere,  Java,  DB2,  Java¬ 
Script,  Java,  and  Relational 
Database. 

WAGE:  $90, 000/year 

REQUIREMENTS: 

Bachelor's  degree  in  Computer 
Science.  Math,  Business  Adminis¬ 
tration.  Engineering  (any  type),  or 
Information  Systems  +  5  years 
exp.  in  the  job  offered  or  5  years 
exp.  as  a  Designer  &  Developer. 
Team  Leader,  Manager,  or  Senior 
Consultant.  Related  experience 
must  include  at  least  3  years  of 
expenence  in  tax  and  revenue  sys¬ 
tem  development  including  appli¬ 
cation  design,  development  and 
implementation  Must  have  knowl¬ 
edge  of  (1)  integrating  multiple  tax 
types  and  departments  such  as 
processing,  audit,  and  collection. 
(2)  at  least  1  year  experience  in 
HTML.  Websphere,  Java.  DB2 
JavaScript,  JAD,  Relational 
Database 

Please  send  your  resume,  refer¬ 
encing  Job  Order  Number  WEB 
304448  to  the  PA  Career  Link/ Job 
Service.  Site  Administrator. 
Greene  County  Team  PA 
CareertJnk,  4  West  High  Street. 
Waynesburg.  PA  15370-1324. 
EOE. 


Positions  are  available  for  Product 
Consultants  in  Atlanta  and  Boston 
and  a  Systems  Support  Engineer 
in  Atlanta  with  an  e-business  tech¬ 
nology  company.  The  company 
provides  solutions  that  enable  cor¬ 
porations  and  software  providers 
to  leverage  emerging  technolo¬ 
gies  to  more  effectively  compete 
in  the  global  market. 

Product  Consultants  are  responsi¬ 
ble  for  planning,  developing,  and 
implementing  custom  software 
applications  at  customer  sites. 
They  gather  and  analyze  require¬ 
ments  of  end  users  and  prepare 
feasibility  analysis  including 
requirements. 

Candidates  for  the  Product 
Consultant  positions  should  pos¬ 
sess  a  Bachelor's  degree  in  a 
Computer  field  and  at  least  two 
years’  experience  in  software 
design  and  development  imple¬ 
menting  middleware  technology 
or  web  enabling  and  database 
technologies,  including  XHTML 
and  XML  or  JAVA,  and  demon¬ 
strated  knowledge  of  AS400  tech¬ 
nology.  Must  have  ability  to  travel 
1 00%  of  time. 

The  Systems  Support  Engineer  is 
responsible  for  providing  software 
expertise  in  developing  and  pro¬ 
ducing  software  systems  for 
three-tier  Middleware  develop¬ 
ment  and  production  packages 
that  reside  on  UNIX  and  NT 
servers. 

Candidates  for  the  Systems 
Support  Engineer  position  should 
possess  a  Bachelor’s  degree  in 
Computer  Science  or  a  related 
field  and  at  least  one  year’s  expe¬ 
rience  in  systems  support  for  mid¬ 
dleware  technology  using  JAVA. 
Apply  by  mail  with  resume  to: 
Natalie  Gow,  do  Jacada  Inc.,  400 
Perimeter  Center  Terrace.  Suite 
195,  Atlanta,  Georgia  30346. 


LLEORNA  Enterprises,  a 
provider  of  software  consult¬ 
ing  services,  seeks: 

Senior  Systems  Integration 
Engineer.  BS  or  equivalent  in 
Computer  Sci,  Engineering  or 
related  +  6  yrs  exp  in  SW 
engrng,  programming  or  relat¬ 
ed.  Also  2  yrs  exp  in  Windows 
&  Unix  systems  admin;  knowl- 
edge/backgrnd  in:  RDBMS; 
CGI;  and  Perl,  C++  or  Java; 
backgrnd  in  power  utilities/ 
energy  industry.  Mail  resume 
to:  2243  Shannon  Dr.,  South 
San  Francisco,  CA  94080. 


TechNation  Software  Cons¬ 
ulting,  Inc,  a  software  consulting 
company  with  its  main  place  of 
business  at  Sioux  Falls,  SD  has 
a  position  for  a  software  profes¬ 
sional  whose  duties  will  involve 
gathering  requirements,  doing 
business  analysis  and  proposing 
solutions  for  IT  needs  of  health¬ 
care  and  pharmaceutical  indus¬ 
try.  The  individual  will  build  and 
lead  a  team  to  develop  solutions 
for  software  dealing  with  clinical 
trials  for  the  pharmaceutical 
industry. 

Job  Requirements:  Bachelors 
degree  with  a  concentration  in 
computer  science  or  equivalent 
with  additional  coursework  in 
Medicine  or  pharmacology. 
Should  have  knowledge  of  clini¬ 
cal  trials  along  with  a  minimum 
of  3  years  experience  in  soft¬ 
ware  programming,  Analysis 
and  three  years  experience  in 
business  development. 

TechNation  provides  onsite-con¬ 
sulting  services  to  clients  across 
the  United  States  and  hence  a 
key  requirement  for  this  position 
is  that  candidates  must  be  will¬ 
ing  to  relocate  across  the  coun¬ 
try  for  periods  between  3-6 
months  or  as  needed. 

Send  resumes  to  Navdeep 
Patyal,  300  N.  Dakota  Ave. 
Suite  #505B,  Sioux  Falls,  SD 
57104  or  email 

Navi@tnscinc.com 


Associate  Director.  Relationship 
Management.  Columbus,  GA. 
Direct  the  work  unit  that  performs 
daily  servicing,  system/product 
development,  requirements  defini¬ 
tion.  system  options,  conversions, 
start-ups,  and  de-conversion  activi¬ 
ties  on  the  International  Services 
Department  (“ISD")  Cardholder 
platform  for  clients  in  17  countries 
using  9  currencies.  Provide  client 
service  for  the  total  Cardholder  pro¬ 
cessing  on  a  complete  computer 
platform  and  recognize  and  man¬ 
age  cultural  differences  in  business 
styles  and  government  require¬ 
ments  for  17  countries. 

Competitive  Salary.  Must  have 
three  (3)  years  of  managerial  expe¬ 
rience  within  credit  card  and  bank¬ 
ing  industry  using  TS1  International 
Platform  systems  and  written  &  oral 
fluency  in  Spanish  to  work  with 
clients  in  17  countnes.  Must  have 
legal  authority  to  work  in  the  U.S 
Please  send  resume  demonstrating 
all  minimum  requirements  to:  Total 
Systems  Services.  Inc.,  Attn:  Pam 
Toflinski.  1000  -  5th  Ave  , 

Columbus.  GA  31901. 


TechNation  Software  Consul¬ 
ting,  Inc,  a  software  consulting 
company  with  its  main  place  of 
business  at  Sioux  Falls.  SD  has 
multiple  positions  for  Software 
Professionals. 

Sr.  Software  Engineers:  BS  in 

CS,  or  equivalent  with  more  than 
5  years  of  recent  programming 
experience  or  MS  in  CS  with 
more  than  3  years  of  such  expe¬ 
rience.  Duties  entail  program¬ 
ming,  gathering  user  require¬ 
ments  and  customization  of  soft¬ 
ware  in  either  of  a)  Database 
Systems  which  involves  data¬ 
base  design,  data  modeling 
working  in  both  front  end  as  well 
as  backend  applications  on  Unix 
and  Windows  platforms.  Or  in  b) 
systems  side  programming  in 
Unix,  C,  C++  which  involves 
product  development,  working 
on  telecom  protcols  or  develop¬ 
ment  of  device  drivers. 

Both  positions  require  knowl¬ 
edge  of  allied  Internet  technolo¬ 
gies  like  Java,  JSP,  XML,  J2EE 
and  ASP. 

Unix  Systems  administrators: 

BS  in  Computer  Sciences  or 
equivalent  with  atleast  five  years 
of  experience  in  an  enterprise 
environment,  (i.e.  more  than  500 
users)  Duties  include  extensive 
use  of  Network  Implementation 
and  Administration,  System 
Integration,  Backup  and  recov¬ 
eries,  shell  scripting  and  System 
Securities.  Experience  in 
Management  of  Enterprise 
Network  Storage  devices  (SAN 
or  NAS),  HP  and  Solaris 
Servers,  switches,  HUBs  and  in 
Veritas  NetBackup  systems. 
TechNation  provides  onsite  con¬ 
sulting  services  to  clients  across 
the  United  States  and  hence  a 
key  requirement  for  all  positions 
is  that  candidates  must  be  will¬ 
ing  to  relocate  across  the  coun¬ 
try  for  periods  between  3-6 
months  or  as  needed. 

Send  resumes  to  Madhukar 
Gangadi,  300  N.  Dakota  Ave. 
Suite  #505-B,  Sioux  Falls,  SD 
57104  or  email  to 
madhukar@tnscinc.com.  Fax: 
530-733-2775 


Vt.  Based  consulting  co.  with 
clients  located  on  the  East  Coast 
has  multiple  openings  for  IT  profes¬ 
sionals.  Looking  for  the  following 
skill  sets: 

-Oracle  and  Progress  developers 
-client  server  developers  C,  C++, 
VB.  VC++ 

-J2EE 

-web  based  developers  Java, 
HTML.  ASP 
-Forte 

-Technical  writers 
-multiple  OS  Windows,  NT  and 
UNIX 

-multiple  Rdbms  Oracle,  SQL 
Server,  Informix 

-Legacy  systems  exp.  for  conver¬ 
sion  projects 
-Auto  and  manual  testers 

Mid-level  and  Sr.  positions  avail¬ 
able.  All  positions  require  Bach¬ 
elors  degrees.  Salary  competitive. 
Re-location  for  short  term  assign¬ 
ments  with  costs  covered.  Send 
cover  letter  and  resume  with  salary 
requirement  to  iobs@itechus.com. 


SW  Eng’rs:  Rsrch,  dsgn,  devlp, 
test  Oracle  DBA/Oracle  Applic’n 
DBA  w /  High  Availa'y  Servers,  & 
Parallel  Servers  on  Unix/Win; 
dsgn,  devlp  interfaces  w/  above 
systems  in  Developer  2000, 
PowerBuilder.  VB,  C/C++.  SQL. 
40h/w,  8-5,  BS  in  eng'g  or  busi¬ 
ness  rel’ted  field,  1-yr  wk  exp  w / 
Oracle  DBA  &  VB,  Resume  to  S 
V  Mohan,  Frontier  Solutions  Inc 
at  10150  Belle  Rive  Blvd  .  #2108. 
Jacksonville.  FL  32256  or  at 
hr@frQmiersolytjQns-i.nc, com 


Intellysis  Technology  is  a  fast 
growing  Chicago  based  IT  consult¬ 
ing  group  with  clients  all  over  the 
USA  in  leading  edge  areas  such  as 
eCommerce.  ERP,  Automated 
Testing  and  Client  Server  MultiTier 
Systems.  Intellysis  is  looking  for 
Programmer  Analysts.  Software 
Developers  and  Project  Managers 
with  experience  in  one  or  more  of 
the  following  skills: 

C++.  C.  VC++, 

Java/Java  Web  Server.  Java  Script 
VB.  VB  Script.  ASP.  ActiveX.  COM, 
DCOM 

CGI.  Servlets.  CORBA.  Perl 
VJ++ 

HTML.  DHTML,  XML 
JAVA  APPLETS 
COLD  FUSION,  HTTP 
SEGUE/RADVIEW  TOOLS 
Large  Scale  System  Design/Archi¬ 
tecture  Testing  Experience 

All  jobs  require  a  minimum  of  a 
Bachelors  Degree  in  Computer 
Science  or  related  field  or  its 
equivalent  in  education  and/or 
experience. 

Project  Managers  require  a 
Masters  in  Business  Administra¬ 
tion  or  its  equivalent  in  education 
and/or  experience. 

If  you  are  interested  in  our  compa¬ 
ny,  please  mail,  fax  or  e-mail  your 
resume  including  reference  num¬ 
ber  CW0103  to:  INTELLISYS 
TECHNOLOGY,  LLC,  801  N.  Cass 
Ave.,  Westmont,  IL  60559;  fax 
(630)  455-1333 
e-mail:  recruit@7hillsys.com 


A  position  is  available  for  a  Senior 
Business  Analyst,  Consulting  with 
an  Atlanta-based  technology  solu¬ 
tions  company.  The  company  archi¬ 
tects  and  designs  next  generation 
software  for  point-of-sale  and  In¬ 
ternet  systems  in  the  retail  industry 
including  entertainment,  petroleum 
with  convenience  or  food  stores, 
and  restaurants. 

The  Senior  Business  Analyst, 
Consulting  will  be  primarily  respon¬ 
sible  for  providing  consulting  ser¬ 
vices  to  analyze  business  process¬ 
es  and  define  best  practices  for  the 
implementation  of  complex  soft¬ 
ware  applications  for  the  compa¬ 
ny's  clients. 

Candidates  for  this  position  should 
possess  a  Bachelor's  degree  in  a 
computer  field  whose  degree  pro¬ 
gram  must  include  analysis  and 
redesign  of  business  processes; 
analyzing,  designing,  and  manag¬ 
ing  database  systems;  creating 
user  guides;  and  training  other 
users.  Job  requires  demonstrated 
knowledge  of  operating  systems 
and  software  applications  including 
Windows,  Macintosh,  UNIX,  MS 
Project,  and  MS  Vision;  and  C++, 
Visual  Basic,  and  SQL. 

Apply  by  mail  to: 

Christie  LoCurto 
Radiant  Systems,  Inc. 

3925  Brookside  Parkway 
Alpharetta,  Georgia  30022 


Manager,  Client  Facing  Systems 
(Washington,  DC)  -  Consult  with 
clients  to  plan,  design,  implement 
&  deploy  extranet  and  web-based 
technology  solutions.  Lead  multi¬ 
vendor  integration,  tool  selection 
and  implementation.  Negotiate 
vendor  contract  terms.  Manage 
complex  extranet  development/ 
integration  projects,  provide  end 
user  training,  and  contribute  to 
group  and  departmental  planning, 
budgeting  &  technology  architec¬ 
ture  design  processes  Utilize  exp 
in  developing  &  implementing  in¬ 
tranets/extranets  in  a  professional 
services  organization,  including 
exp.  in  Cold  Fusion,  SQL  Server, 
JavaScript.  Visual  Basic,  VBA.  MS 
Exchange  &  SMTP  Requires  M  S 
in  Comp.  Sci./Engineenng/MIS  or 
related  plus  1  yr.  related  exp 
Please  send  resume  &  cover  letter 
to  Akin  Gump  Strauss  Hauer  &  Feld 
LLP  at  washstaffrecruiting@ 
akmgump  com  or  fax  to  (202)  452- 
4807.  EOE 


Developer  Will  develop,  test, 
implement  and  support  business 
systems  of  low  to  medium  com¬ 
plexity  on  multiple  platforms 
including  client  server,  mid¬ 
range  and  mainframe  for  mar¬ 
keting  applications.  Will  act  as 
system  administrator  for 
Corema  application  used  to 
deliver  specific  offers  to  cus¬ 
tomers  at  the  Point  of  Sale.  Will 
utilize  COBOL,  SQL  and 
Easytrieve  Plus  languages.  Will 
work  on  multiple  assignments 
simultaneously  and  perform 
trouble  shooting,  problem  solv¬ 
ing,  and  analysis.  Will  interact 
with  Project  Managers.  Systems 
Analysts.  Developers.  Vendors. 
DBAs  and  various  Technical 
Support  personnel  as  required 
to  support  new  and  existing 
applications.  Minimum  require¬ 
ments  (education,  training, 
experience):  Bachelor's  Degree 
(or  for  equiv)  in  Computer 
Science  or  closely  related  field 
and  two  years  progressive  expe¬ 
rience  in  job  offered  or  related 
occupation  as  software  develop¬ 
er  or  programmer/analyst.  Also, 
must  possess  (1)  demonstrated 
expertise  working  on  large  main 
frame  platforms;  (2)  demonstrat¬ 
ed  knowledge  of  operating;  and 
(3)  network  systems  such  as 
UNIX  or  Windows  NT  and  rela¬ 
tional  database  management 
systems  such  as  DB2  and 
Access.  Offered  salary  is 
$61, 516/year  (40hrs/wk).  Std 
Company  Benefits.  Send 
resumes  in  duplicate  to:  Labor 
Exchange  Office,  Case 
#200115043,  19  Staniford 

Street.  1st  fl.,  Boston,  MA 
02114. 


Lead  Oracle/lntemet  Developer 
sought  by  pharmaceutical  R&D 
Co.  in  Princeton,  NJ.  Candidate 
must  have  a  Master's  degree  or 
equiv  in  Comp  Sci  &  at  least  5 
yrs  of  exp  in  IT,  specifically  appli¬ 
cations  development.  The  fol¬ 
lowing  skills  are  required:  1  + 
years  in  pharmaceutical  indus¬ 
try;  exp  w/business  develop¬ 
ment  environment  and  Strategic 
Intelligence  function;  min.  3  yrs. 
exp  in  web  development  using 
Java/JSP/Servlets/Oracle  (ver¬ 
sions  7-9i,  Oracle  Application 
Server  9iAS);  Oracle  DBA  certi¬ 
fication;  exp  w/  Documentum, 
WDK  4.2.4;  Documentum  Web 
Development  Kit;  exp  w/  data 
modeling  using  ERWIN  &  Visio; 
exp  in  full  life  cycle  software 
development  of  IT  projects  & 
applications  including  design, 
development,  testing  and  deliv¬ 
ery.  Ability  to  lead  a  small  team; 
manage  vendor  responsibilities 
on  projects;  possess  excellent 
verbal/written  communication 
skills  in  order  to  provide  techni¬ 
cal  options  to  business  users. 
Send  resume  to:  Strategic 
Staffing,  BMS,  M/S  E14-12, 
Route  206  &  Provinceline  Road, 
Princeton.  NJ  08540  Job  Code: 
rfS-788 


Director  ERP 
Applications 

Western  New  York  based  manu¬ 
facturing  company  seeks  top 
quality  candidate  MBA  required 
Proven  ERP  major  application 
implementation  experience  with 
(Oracle,  SAP.  JD  Edwards  or 
Peoplesoft).  Strong  manufactur¬ 
ing  systems  experience  essen¬ 
tial  Experience  building  fault 
tolerant  systems  Solid  knowl¬ 
edge  of  Internet  technologies 
and  strengths  in  system  devel¬ 
opment  methodologies  Ideal 
candidate  must  be  a  leader  with 
excellent  communication/inter¬ 
personal  skills.  Outstanding 
environment,  benefits  and  com¬ 
pensation  with  this  highly 
respected  organization.  Resp¬ 
ond  to  Personnel  Resource,  Inc. 
via  email: 

prinorth@perresource  com 


Become  a  lUicrosoft  Windows  2000  Security  Expert. 


It’s  easy.  Just  point,  click  and  choose  the  format  that  works  best  for  you: 
•CD-R0IT1  •UJeb-Based  •Hands-On  •Uirtual  Classroom 

Uisit  lletSmart  todau  at  www.nwnetsmart.com 


www.nwfusion.com 


2/24/03 


NetworkWorid  m 


Editorial  Index 


■  A 


ACET.OM 

1 

_ 3a 

i 

Alaoritech 

_ 10 

AT  AT 

_ 12 

AT  AT  Wireless 

31 

Authentica 

25 

■  B 

BEA  Systems  

25 

BigEix.  _ 1 

■  C 

f.ison  1. 

in  in.  33 

P.lnurlmark 

1  42 

f.nmpta  Nptwnrks 

16 

P.planp 

_ 33 

Granite  Systems 

 19 

■  D 

DataPower  .Technology _ 

Dell 

_ la 

_ 40 

Digital  Sun 

i 

Divine 

 6.25 

■  E 

Fgpnpra 

40 

Enuant 

31 

■  G 

Gnoale _ 

_ 6 

■  H 

HP_ 10. 

19  22  40 

IRM  1.6  in. 

12,  19.  22,  4n 

Intel 

_ 10 

ITWnrx  1 

■  K 

Kuhi  Software  1 

■  L 

1  ifesc.ane  __  _ T 

1  inuiri  Machines 

_ 1 

■  M 

MailFrontier 

1.42 

Microsoft 

1.6. 16 

■  N 

NFG  Solutions 

_ 36. 

Network  Appliance 

10 

Nishan  Systems 

_ 10 

Nnrtel 

.33 

Novell _ 

20 

■  P 

Packet  Design 

33 

Palm 

31 

Pnlycnm 

14. 

Pnstini 

_ 60 

Prer.isinn  I/O 

33 

Preventsys 

_ 1 

Prism  Micrnsystems 

36 

Pvra  Labs  . 

6 

■  Q 

O-Spam 

60 

Qwest 

_ 31 

■  R 

Rerlhank  Netwnrks 

33 

RLX  Technolonies. 

■  s 

SANRAD 

10 

Securel  ngix 

1 

Sheer  Netwnrks 

33 

Silinnn  Defense 

a 

Skyscape 

36 

SMC.  Networks 

19  .36 

Stnnefly  Netwnrks 

10 

Stnrahility  Snftware 

_ ia 

Stnrserver 

14 

Sun 

22 

Sunhelt  Snftware 

on 

SynrP.ast 

25 

■  T 

Tacit  Knnwlerine  Systems 

26 

TerraDiaital  _  1 

TippingPnint  Ter.hnnlngies 

_ a 

Toshiba 

36 

■  V 

Viola  Netwnrks _ 

_ 1 

■  W 

WehFx 

1 

Wnrlrtr.nm 

_ 12 

Advertiser  Index 


Advertiser Name 


Page  # 


Network  World  Fusion  -  www.nwfuslon.com 


AT  TO  Technologies  Inr. 

Aritran 


53 


www.attoteoh.r.om 


63  wwwadtran.r.om/infn/?nptvanta.300fi 


Alcatel 


7  www.alr.ateLr.om/enterprise 


American  Power  Conversion 


LZ 


http://prQmo.apc.com 


Apcon. 


5Q 


www.apcon.com 


Avocent 


3Q 


www-avocent.r.om 


CDW  Computer  Centers  Inr— 


r.rlw.r.om 


Cisco  .Systems- 


Pfi-P7  www  r.isr.n  rnm/pnwRrnnw 


Computer  Associates 

dtSaarch  Corp 


FA  r a  rom/hrightstnr/arrsprvpQ 


54 


www.dtsearch.com 


filnhal  Technology  Associates 55 


www.gtar.om 


1BM 


21 


ihm.r.om/dh?/r.nn 


Internet  Security  Systems  Inc  15 


www.iss.net/nww 


Kyocera  Mila 


29 


Microsoft  .Corp 


mirrnsnft  r.om/iipsktnp 


Net  gear 


43 


www.nelgear.com 


Network  Instruments  LLC 

Nortel  Networks 


52  wwwmetworkinstmments.com 

nortelnet  wor  ks.r.om/onenet  work 


Phonetics  Inr 


M 


www.ims-4QQQ.com 


Quantum  Corp 


9,  11,  13  www.quantum.com/dx30edu 


Owpst  r.ommi mirations 


ia 


gwestr.om 


Bose  Electronics  


www.rose.com 


SAE 


4I 


www.sap.com 


Server  Technology. 


www.servertech.com 


Spool . 


Storagetek 


_4 _ www.spnnthiz.com/releif4 

Z_www-savetheriay.r.om 


Trend  Micro  .inc- 


24 


trendmicrn.r.nm/prndiirts 


Veritas  Software  


3L 


veritas.com 


Western  Telematic  Inc 


www  wt  ioom 


World  Data  Products 


www.wdpi.com 


Zultys- 


32 


http://nw.zultys.com 


Intelligent  Infrastructure  Supplement 

c  wwwnvirfi 

EMC 

15 

2 

enterasvjLCom 

IBM 

Tripp  1  lift 

1?www.lripplilapnnVprr>mn/nww 

AT&T 

Adtran 

Agilent  Technologies 
Akamba 

American  Power  Conversion 

Appian  Communications 

Blue  Arc 

BoldFish 

BoostWorks 

Brocade 

Business  Layers 

Byte  and  Switch.com 

Cisco  Systems 

ClickArray  Networks 

Compaq 

Computer  Associates  International 

Connect  ix 

DLTtape 

Ecora 

Expertcity 

F5  Networks 

FineGround  Networks 

Flreclick,  Inc 

Fluke  Networks 

Global  Technology  Associates,  Inc 

IBM 

InteQ 

Mangosoft,  Inc 

McData  Corp 

Mercury  Interactive 

Mirapoint 

mWired 

NSI 

NetlQ  Corp 
NetQoS 


Netscreen 
Network  Associates 
Nokia 

Northern  Parklife 
Novell 

Opalis  Software 

Opticom,  Inc 

Peregrine  Systems,  Inc 

Peribit  Networks 

PlateSpin 

Proxim,  Inc 

Qwest 

Radware 

Raxco 

Redline  Networks 
Sangoma 
Siemens 
Silverback 

Space  Design  Technology 
SSH  Communications 
Stalker  Software 
Stardust 

Sun  Microsystems 
Sybase 

Sygate  Technologies,  Inc 

Telogy  Networks,  Inc 

UltraDNS 

VNCI 

Volera 

WaveSmith  Networks 

Websense 

Wintenals 

WinredRed  Software 
Zixit 


These  indexes  are  provided  as  a  reader  service.  Although  every  effort  has 
been  made  to  make  them  as  complete  as  possible,  the  publisher  does  not 
assume  liability  for  errors  or  omissions. 

•Indicates  Regional  Demographic 


NetwmttlM 


Network  World  Seminars  and  Events 
are  one  and  two  day.  intensive  seminars 
in  cities  nationwide  covering  the  latest 

seminars  nil  events  networking  technologies  All  of  our  sem 
inars  are  also  available  tor  customized 
on  site  training.  For  complete  and  imme 
diate  information  on  our  current  seminar  offerings,  call  a 
seminar  representative  at  800-643-4668.  or  go  to  www.nwfu 
sion.com/seminars. 
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Spam  payola 

Tufts  University  late  last  month  discovered  that  some 

of  its  students  were  subletting  their  network  access  to 

spammers.  Flere  is  how  it  worked: 
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Spammers 

continued  from  page  1 

much  a  bandwidth  hog  as  it  is  an 
image  problem  for  universities, 

she  says. 

University  IT  executives  say  they 
hope  to  minimize  their  exposure 
to  this  spamming  technique 
based  on  the  relative  ease  of 
tracking  the  offenders  and 
through  strict  policies  forbidding 
students  to  use  PCs  as  servers,  a 
measure  instituted  after  Napster 
paralyzed  college  networks. 

“Paying  students  to  spam  is  a 
relatively  new  phenomenon  so 
we  don’t  know  the  extent  of  the 
problem,”  says  Steve  Worona, 
director  of  policy  and  network 
programs  for  EduCause,  a  group 
that  promotes  the  use  of  IT  in 
higher  education  and  includes 
thousands  of  schools  around  the 
world.  “We’ll  try  to  put  people 
together  so  they  can  come  up 
with  some  best  practices.” 

Those  practices  might  not  have 


to  be  confined  to  schools,  experts 
say  It’s  possible  that  the  mail  relay 
program  could  be  slipped  onto 
corporate  PCs  without  users 
noticing  via  rogue  Web  sites  or 
spam  packed  with  a  virus. 

Tufts  currently  is  deciding  on 
the  best  practice  for  punishing 
one  student  after  discovering  he 


agreed  to  install  what  amounted 
to  a  message-transfer  agent  on  his 
dorm  room  computer  that  served 
as  a  spam  relay  in  exchange  for 
$20  a  month. 

After  admitting  to  the  arrange¬ 
ment  in  which  the  student 
relayed  thousands  of  e-mails 
offering  services  for  burning  CDs 
and  DVDs,  the  student  said  a 
handful  of  others  were  involved 
in  the  same  payola  that  took 
advantage  of  the  school’s  gigabit 
connection  to  the  Internet. 

“We  had  complaints  from  peo¬ 
ple  saying  our  domain  was  the 
source  of  spam,”  Tufts’  Tolman 
says.“We  checked  the  logs,  identi¬ 
fied  the  IP  address  the  spam  was 
coming  from,  matched  that  with  a 
[media  access  control]  address 
and  went  to  the  kid’s  dorm  room.” 

What  they  discovered  was  a 
small  program  called  Mail- 
safe.exe  on  the  student’s  PC,  but 
no  tracks  back  to  the  spammer. 

A  handful  of  companies  that 
offer  messaging  and  other  ser¬ 
vices  use  the  name  Mailsafe,  but 
the  moniker  is  likely  one  of  a 
laundry  list  of  benign  names  for 
the  program  used  to  escape  de¬ 
tection,  experts  say 

“The  students  involved  in  this 
found  the  opportunity  them¬ 
selves  —  they  were  not  contacted 
by  the  company  directly  says 
Tolman,  who  adds  that  the  soft¬ 
ware  likely  was  downloaded  via 
FTP  or  some  other  file-sharing 
protocol. “But  right  now,  we  know 
the  relay  by  the  students  has 
stopped.” 

Tufts  leans  toward  educating 
first-time  offenders  about  the 
downsides  of  their  behavior,  sav¬ 
ing  harsh  punishment  for  repeat 
delinquents, she  says. 

“We  can’t  control  the  software 
students  load  on  their  machines," 
Tolman  says.  “We  can  only  act 
once  they  use  it.  We  can’t  catch  a 
kid  before  he  spams.” 

That  means  Tufts  continues  its 


More  spammer  tricks 

Regardless  of  what  you  think  about  spammers,  their 
stealth  techniques  seem  at  times  to  be  a  testament  to 
ingenuity.  One  new  technique  involves  targeting  unse¬ 
cured  wireless  hotspots  to  unload  torrents  of  e-mail,  then  dis¬ 
appearing,  according  to  spam  filter  vendors. 

"I  call  it  spam  driving,”  says  Stu  Sjouwerman,  CEO  of  Sunbelt 
Software,  which  develops  a  spam-blocking  gateway  called 
IHateSpam. 

He  compares  this  spamming  method  to  the  practice  called 
war  driving,  in  which  people  drive  around  cities  with  a  laptop 
and  wireless  card,  plotting  and  exploiting  open  wireless  access 
points.  "It’s  the  old  zombie  idea  recycled,"  he  says,  referring  to  a 
hacker’s  practice  of  compromising  Web  sites  without  the  opera¬ 
tor’s  permission  and  using  them  to  launch  attacks. 

Lesley  Tolman,  director  of  networks  and  telecommunications 
for  Tufts  University  in  Medford,  Mass.,  says  the  school  is  in 
the  process  of  pinpointing  wireless  access  hotspots  around 
campus. 

“We  have  a  small  number,  but  we  are  trying  to  manage  their 
proliferation,”  she  says. 

Another  spamming  technique  that  has  popped  up,  according 
to  Linus  Upson,  co-founder  of  start-up  0-Spam,  is  use  of  a 
mobile  spam  command  center.  One  spammer  he  knows  of  has 
a  van  loaded  with  computer  equipment  that  he  uses  to  drive  to 
small  and  midsize  ISPs,  where  he  offers  cash  bribes  for  an  hour 
or  so  on  their  networks.  The  ISP  literally  runs  a  cable  out  the 
back  door  and  into  the  van. 

"He  spends  about  $40,000  a  month  putting  together  a  spam 
campaign  and  makes  $100,000  in  revenue,"  Upson  says.  “He 
only  spends  a  few  hours  over  two  to  three  days  sending  out  his 
spam.  The  rest  of  his  time  is  spent  setting  everything  up." 

h's  that  kind  of  ease  of  execution  that  keeps  spammers  work¬ 
ing  and  the  spam  problem  growing.  The  volume  of  spam  has 
n  re  than  doubled  this  year  from  last,  according  to  spam  filter 
company  Postini. 

n  cost  of  being  a  spammer  is  so  little,  and  you  have  so  lit¬ 
tle-  se,"  says  Dan  Keldsen.  a  senior  analyst  for  Delphi  Group. 

—  John  Fontana 


due  diligence  poring  over  logs 
looking  for  suspicious  activity  an 
exercise  Tolman  says  eats  up  half 
of  a  full-time  salary  per  year,  or 
roughly  $30,000. 

“It  all  sounds  like  a  poor  man’s 
grid  computing,”  says  Greg  Scott, 
IS  manager  at  Oregon  State  Uni¬ 
versity  College  of  Business  in  Cor- 
valis,  who  had  not  heard  of  the 
spamming-for-pay  tactic,  but  was 
not  surprised.  He  says  Oregon 
State  throttles  down  bandwidth 
available  to  residence  halls  be 
cause  of  file-sharing  and  restricts 
the  ports  students  can  use.  “Uni¬ 
versities  are  for  experimenting, 
pushing  the  edge.  But  some  stu¬ 
dents  push  harder  than  others,” 
Scott  says. 

Frank  Grewe,  manager  of  Inter¬ 
net  services  for  the  University  of 
Minnesota  in  Minneapolis-St. 


Paul,  also  wasn’t  surprised.  He 
says  the  university  does  not  let 
client  machines  be  used  as 
servers,  employs  static  IP  address¬ 
es  and  tracks  the  amount  of  traf¬ 
fic  going  to  and  from  those  ad¬ 
dresses. 

David  Wood,  manager  of  the 
network  group  at  the  University  of 
Colorado  in  Boulder,  uses  tactics 
similar  to  Scott’s  and  Grewe’s.  He 
says  spammer’s  payola  would  be 
easy  to  track  and  punishment 
would  be  swift. 

“We  kick  our  students  off  the 
network  if  we  have  to,”  says 
Wood,  who  admits  that  three  to 
four  permanent  bans  already 
have  been  handed  out,  mostly 
because  of  hacking.  ■ 
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Welty  says  he  also  likes  the  ability  for  each  user  to  choose  a  view  of 
a  multi-point  conference  best-suited  for  his  needs, rather  than  one  view 
being  thrust  upon  all  users.Up  to  16  people  can  be  displayed  onscreen 
side  by  side  with  an  active  border  around  the  person  speaking. 

Fblycom  also  rolled  out  Conferencing  Suite  5.0,  which  features  im¬ 
proved  call  management  and  scheduling  features,  including  the  abili¬ 
ty  to  schedule  a  call  via  Microsoft  Outlook.  Users  also  can  reserve  a  set 
amount  of  bandwidth  to  be  used  with  each  call. The  suite  also  can  be 
used  to  help  manage  non-Fblycom  endpoints. 

Other  enhancements  and  announcements  this  week  from  Fblycom: 

•  A  new  Executive  Collection 
of  high-end  video  units  with  sin¬ 
gle  or  dual  50-  or  6 1-inch  plasma 
displays  built  into  a  credenza  or 
assembled  as  a  stand-alone  unit. 

•  A  new  iPower  9000  series  of 
PC-based  group  video  end¬ 
points,  which  will  replace  the 
900  line,  that  include  the  ability 
to  record  .conferences,  share 
computer-based  data  at  native 
screen  resolution  and  new  IP 
tunneling  capabilities  for  use 
with  third-party  VPNs. 

•  Enhancements  to  the  ViewStation  and  VS4000  group  video  appli¬ 
ances,  including  support  for  the  new  high-resolution  FbwerCam  video 
camera,  better  management  features  that  allow  the  lockdown  of  cer¬ 
tain  functions  and  interfaces,  and  unique  default  passwords  for  each 
unit  shipped. 

•  On  the  desktop,  the  ViaVideo  endpoint  now  supports  up  to  512K 
bit/sec  and  30-frame-per-second  video. 

By  offering  endpoints,  management  and  network  components, 
Fblycom  is  helping  insulate  itself  from  competitors  Tandberg,  VCON 
and  Sony,  and  the  growing  market  of  Web  conferencing  vendors,  says 
Joe  Gagan,  a  senior  analyst  at  The  Yankee  Group. 

Gagan  says  that  because  Web  conferencing  can  be  easier  to  use  and 
requires  less  specialized  equipment,  and  that  not  everyone  wants  to 
see  the  person  with  whom  they’re  speaking,  could  affect  the  overall 
growth  of  videoconferencing. 

Most  of  the  new  features  and  products  will  roll  out  later  this  quarter 
or  in  the  second  quarter.  Many  of  the  endpoint  upgrades  will  be  avail¬ 
able  for  free  via  Fblycom’s  Web  site.  The  MGC-25  starts  at  $22,000, 
depending  on  configuration.  Conference  Suite  5.0  will  start  at  $25,000 
for  25  devices. 

Fblycom:  www.polycom.com 


fcii  I  can  now  do  32 
sites  in  one  video  call 
without  cascading  to 
another  call.  99 

Guy  Welty 

Manager  of  global  media 
networks  and  collaborative 
services,  W.R.  Grace 
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fc  (The  security  threats  that  exist 
for  the  infrastructure  today  are 
real  and  are  a  m^jor  concern, 
even  without  voice.  1 1 

Don  Proctor 

Vice  president,  Cisco’s  voice  technology  group 
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lot  of  other  projects  that  I  can  get 
at  least  a  six-month  ROI  on 
before  I  go  forward  with  IP  tele¬ 
phony”  which  might  have  a 
longer  ROI,  and  is  harder  to 
prove,  he  says. 

Fidelity  is  still  moving  cautious¬ 
ly  with  IP  telephony  Morgan 
talked  about  the  company’s  de¬ 
ployment  of  homegrown  soft- 
phone  applications  and  USB 
handsets  as  a  way  to  deploy  IP 
telephony  cost  effectively 

Morgan  said  the  ROI  on  hard 
phones  is  a  “tough  sell”  because 
they  are  almost  twice  as  expen¬ 
sive  to  deploy  as  a  software-based 
phone  and  headset.  Fidelity’s  soft- 
phone  is  based  on  the  Telephony 
API  standard  and  operates  with  a 
Cisco  CallManager.  The  software 
integrates  the  company’s  IBM 
Lotus  Sametime  instant  messag¬ 
ing  client,  as  well  as  Microsoft 
Outlook,  with  telephony,  letting 
end  users  click  on  a  name  in  a 
directory  and  choose  a  method 
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of  communication  —  e-mail,  chat 
or  phone  call. 

Morgan  said  the  company 
has  about  3,200  softphones  de¬ 
ployed  among  several  depart¬ 
ments  and  with  teleworkers,  but 
he  is  dealing  with  issues  such  as 
E-911  emergency  reporting,  and 
the  reliance  on  a  PC  to  make 
phone  calls. 

Voice-over-IP  security  issues 
were  on  the  minds  of  many 
VoiceCon  attendees  because  of 
all  the  reports  of  high-profile  net¬ 
work  attacks  lately 

In  a  debate  at  the  show  on  IP 
telephony  security,  Karyn  Mash- 
ima,  Avaya’s  vice  president  of 
strategy  and  technology,  squared 
off  with  Lee  Sutterfield,  president 
of  SecureLogix,  which  makes 
equipment  for  securing  tradi¬ 
tional  PBX  voice  systems. 

“In  legacy  voice,  the  risk  has 
been  very  low”  for  system  misuse 
or  attack  from  individuals  or 
groups  outside  a  company, 
Sutterfield  said.  But  he  added 
that  TDM  toll  fraud  is  still  a 
threat,  costing  U.S.  businesses 
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around  $12  billion  per  year. 

“When  you  deploy  [IP  telepho¬ 
ny],  you  get  many  benefits  and 
new  features,  but  you  also  have 
to  worry  and  I  mean  really  worry, 
about  viruses,  targeted  denial-of- 
service  attacks,”  and  the  security 
of  packetized  voice  conversa¬ 
tions,  which  are  not  impossible 
to  intercept,  he  added. 

Mashima  agreed  that  IP  tele¬ 
phony  security  can  be  a  prob¬ 
lem,  but  said  that  the  risks  are 
similar  to  ones  taken  by  millions 
of  businesses  that  send  confi¬ 
dential  e-mail,  or  do  business 
over  the  Internet,  where  credit 
card  numbers  are  sent  to  and 
stored  on  Web-based  servers. 

“So  is  IP  telephony  technology 
inherently  secure?  No,”  she  said. 
“Can  it  be  secured?  Yes.” 

Other  vendors  and  users  at  the 
show  agreed  that  IP  telephony 
vulnerability  is  a  problem  that  is 
fixable  with  standard  security 
practices  and  technologies,  such 
as  firewalls,  intrusion  detection 
and  VPNs. 

“The  security  threats  that  exist 
for  the  infrastructure  today  are 
real  and  are  a  major  concern, 
even  without  voice,”  said  Don 
Proctor,  vice  president  for  Cisco’s 
voice  technology  group,  who 
gave  a  keynote  address  at  Voice¬ 
Con. “Certainly  putting  voice  traf¬ 
fic  on  that  infrastructure  makes 
people  more  aware.” 

On  the  security  issue,  Fidelity’s 
Morgan  agreed  that  security  is 
the  same  for  any  server  or  IP 
PBX. 

“Your  network  security  is  no 
better  than  the  weakest  part,” 
Morgan  said. “If  one  server  is  not 
patched  and  an  attack  comes,  it’s 
going  to  get  hammered  on.”  And 
if  that  server  happens  to  be  an  IP 
PBX,  that  could  be  seen  as  a  neg¬ 
ative  consequence  of  running 
voice  over  an  Internet-attached 
network,  he  added. 

Technology  questions  on 
how  call-processing  intelligence 
should  be  deployed  on  a  con¬ 
verged  network  and  the  ever-pre¬ 
sent  issue  of  quality  of  service 
were  hot  topics  among  atten¬ 
dees. 


“We’re  not  hearing  what  infra¬ 
structure  upgrades  will  be  neces¬ 
sary  to  make  this  work,”  said 
Kaiser’s  Crawford  on  IP  telepho¬ 
ny.  “It’s  a  simple  dollar-amount 
issue.  We  have  to  make  sure  the 
infrastructure  is  capable  of  sup¬ 
porting  what  an  IP  telephony  sys¬ 
tem  can  do  today”  And  that 
could  be  expensive,  he  added. 

The  idea  of  increased  IP  phone 
features  also  made  some  users 
take  a  hard  look  at  how  conver¬ 
gence  would  change  their  infra¬ 
structures. 

“I’m  nervous  about  how  much 
intelligence  will  ultimately  end 
up  in  the  desktop  device,”  said 
Hartley  Hoskins,  a  data  and  tele¬ 
com  administrator  at  the  Woods 
Hole  Oceanographic  Institution 
in  Woods  Hole,  Mass.  While  in¬ 
creased  intelligence  at  IP 
phones  and  endpoints,  such  as 
ones  based  on  Session  Initiation 
Protocol  (SIP),  could  allow  for 
advanced  voice/data  applica¬ 
tions,  those  devices  could  get 
expensive. 

“If  we  are  eventually  going  to 
drift  to  the  [SIP]  model,”  Hoskins 
said, “does  that  mean  the  cost  of 
the  thing  out  on  your  desk,  col¬ 
lectively  will  be  three  or  four 
times  the  cost  of  the  servers?  The 
dust  hasn’t  settled  on  that.  It’s  a 
hardware  issue  that  could  be  a 
‘gotcha.’” 

Meanwhile,  there  were  some 
products  introduced  at  the  show 
to  help  users  install  and  trou¬ 
bleshoot  IP  telephony: 

•  Viola  Networks  released  its 
NetAlly  software  for  measuring 
IP  voice  quality  over  a  LAN  or 
WAN. 

•  SecureLogix  displayed  a  new 
version  of  its  Enterprise  Tele¬ 
phony  Management  System, 
which  is  designed  to  protect 
PBXs  from  toll  fraud  and  dial-up 
port  intrusions. 

•  ACE*COM  announced  a  new 
version  of  its  NetPlus  6  Enter¬ 
prise  Operations  Support  System 
software,  which  can  track  packet 
and  TDM  telephony  usage.  ■ 

Get  more  information  online. 
DocFinder:  4443 
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Ruling 

|  continued  from  page  12 

granted  the  ILECs  too  much  lee¬ 
way  in  the  broadband  market. 

WorldCom,  another  large  UNE 
switching  seller,  expressed  simi¬ 
lar  views.  “We  are  confident  the 
state  commissions  will  continue 
to  make  the  responsible  deci¬ 
sions  necessary  to  keep  their 
local  markets  open,”  said  Wayne 
Huyard,  president  of  MCI  Mass 
Market  for  WorldCom  in  a  state¬ 
ment.  The  company  also  ex¬ 
pressed  reservations  about  the 
FCC’s  decision  to  deregulate  the 
broadband  market. 

Powell  outnumbered 

Powell,  who  had  sought  a  more 
ILEC-friendly  ruling  overall  and 
dissented  on  a  number  of  core 
issues,  was  outgunned  in  the 
final  vote  3-2. 

While  Republican  commis¬ 
sioner  Kathleen  Abernathy 
joined  Powell,  Republican  Kevin 
Martin  joined  with  the  two 
Democrat  commissioners  to 
form  the  majority 

The  rule  change  that  the  ma¬ 
jority  pushed  through  that 
seemed  to  upset  Powell  the  most 
was  the  decision  to  turn  over  to 
the  states  the  power  to  deter¬ 
mine  what  ILEC  elements 
should  be  unbundled. 

“The  nation  will  now  embark 
on  51  major  state  proceedings  to 
evaluate  what  elements  will  be 
unbundled  and  made  available 
to  CLECs,”  Powell  wrote  in  his 
dissenting  position. 

“These  decisions  will  be  litigat¬ 
ed  through  51  different  federal 
district  courts.  These  51  cases 
will  be  decided  in  multiple  ways 
—  some  upholding  the  state, 
some  overturning  the  state  and 
little  chance  of  regulatory  and 
legal  harmony  at  the  end  of  the 
da>(  he  said. “These  51  district 
court  cases  are  likely  to  be 
heard  by  12  federal  courts  of 
appeals  —  do  we  expect  they 
will  all  rule  similarly?  If  not,  we 
will  eventually  be  back  in  the 
Supreme  Court." 

While  he  decries  what  he  fore¬ 
sees  as  a  long  litigation  process, 
if  the  decision  ends  up  back  in 
court,  there’s  a  chance  Powell 
will  see  some  of  his  ILEC-friend¬ 
ly  vision  become  reality: 

“The  D.C.  Court  of  Appeals 
could  very  well  overturn  the 
parts  of  this  that  Pbweli  gave 
away  Nolle  says. 

“So  you  could  end  up  with  a 
sweeping  victory  for  the  [local 
exchange  carriers]  and  a  disas¬ 
ter  for  the  interexchange  carri¬ 
ers,”  he  adds.  SB 


Talking  up  IP  voice 


The  productivity  benefits  of  IP  telephony  are  real, 
according  to  a  recent  survey  of  100  IT  executives. 


Benefit 

Response 

Average  benefit  level 

Faster  moves,  adds 
or  changes 

fflk  HYes 

'dS  NoTdon’tknow 

1.5  hours  per  move 
per  user. 

Faster  deployment 
of  phones  at  new 
offices 

hu 

wJ  No/don’t  know 

3.8  weeks  per  new  office 
opening. 

Easier  move,  add  or 
change  process 

Jk  ■  Yes 

No/ttontknow 

3  more  moves  per  year. 

SOURCE;  SAGE  RESEARCH 
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White  box  or 


Several  readers  wrote  to  com¬ 
ment  on  the  choice  of  white- 
box  hardware  for  my  son’s 
school  computer  lab  (see  www.nwfu 
sion.com,  DocFinder:  4445).  Jason 
Lester,  for  example,  writes: 

“You’re  doing  the  school  a  disservice  by  buying 
‘white  boxes’  from  a  local  company  Been  there, 
done  that,  and  will  never  do  it  again.  And  paying 
more  for  [white-box]  computers  [than  we  spent  on 
Compaq  PCs]  makes  it  even  worse. 

Readers  questioned  whether  the  school’s  white 
box  provider  —  a  term  used  to  describe  compa¬ 
nies  that  assemble  their  own  machines  from  com¬ 
modity  parts  —  could  deliver  on  price, support  and 
maintenance.  Let’s  look  at  each  of  these  issues. 

Lester  says  he  can  get  a  Compaq  PC  similar  to  the 
ones  we’re  getting  for  almost  $150  less,  which  I’m 
sure  is  true.  But  we  couldn’t.  We ’re  only  buying  15 
PCs  and  one  server  so  we  don’t  qualify  for  the 
price  breaks  available  to  some  schools.  But  at  that 
price  we  get  on-site  installation  we  get  from  our 
vendor  (MJP  Computers  in  Oxnard,  Calif.). 

I  hear  great  things  about  our  vendor’s  support, 
which  is  different  from  the  horror  stories  readers 
tell  about  how  searches  for  even  simple  answers 
from  brand-name  vendors  turn  into  quests  that 
would  make  a  hardened  mercenary  blanch.lt 


brand  name? 


always  sounds  good  when  brand-name  vendors  do 
the  sales  pitch,  but  the  reality  is  never  as  painless  as 
they  claim.  And  if  such  a  thing  as  real  hard-core  sup¬ 
port  exists  you’ll  be  paying  handsomely  for  it. 

Maintenance  is  an  interesting  issue.  If  you  are  a 
big  organization  and  have  your  techs  trained  by 
your  brand-name  vendor,  you  can  get  priority  ser¬ 
vice,  but  for  the  rest  of  us  it’s  the  hold  from  hell:  20 
amazingly  dumb  questions  from  the  first-level  tech, 
another  hold  from  hell,  a  repeat  of  the  same  20 
questions  by  the  second-level  tech.  And  if  you 
argue  your  case  successfully,  maybe  service  will  get 
to  you  tomorrow.  Elapsed  time:  around  two  hours 
on  the  phone  and  a  machine  that’s  dead  for  at  least 
48  hours. 

Our  vendor  offers  same  day  on-site  service  if  you 
call  before  3  p.m.,  doesn’t  make  you  prove  your 
blood  type  before  believing  you  have  a  problem, 
and  even  will  loan  you  replacement  parts  and  PCs 
instead  of  the  usual  “send  it  to  us  and  when  we  get 
it  we’ll  send  you  a  replacement”  routine  that  takes, 
at  the  very  least,  two  days.  And  as  for  service  costs, 
our  vendor  charges  $25  per  hour  for  schools  for 
nonwarranty  work! 

Another  issue  that  affects  both  support  and  main¬ 
tenance  is  the  vendor’s  quality.  Usually  when  you 
order  a  batch  of  identical  PCs  you  expect  they  will 
be  identical.  I  have  heard  several  stories  of  major- 


brand  companies  shipping  batches  of  PCs  that 
were  supposed  to  be  identical  but  in  reality  had  a 
mix  of  motherboards,  drives  and  network 
cards.These  big  brands  seem  to  occasionally  forget 
that  organizations  order  batches  of  PCs  to  a  single 
spec  to  minimize  support  costs. 

I  know  some  of  you  have  had  wretched  experi¬ 
ences  with  white-box  vendors  just  as  some  of  you 
(myself  included)  have  had  rotten  experiences 
with  brand-name  vendors.  While  there  certainly  is 
an  element  of  luck  involved  when  you  make  a  ven¬ 
dor  choice,  you  can  find  a  local  vendor  that  is  reli¬ 
able,  available  and  reasonably  priced,  that  provides 
good  service  and  support,  and  that  gives  a  damn 
about  you  in  a  way  the  big  brands  can’t  because  of 
their  scale  of  operations. 

So  I’m  not  saying  that  you  shouldn’t  buy  from 
brand  names.  On  the  contrary,  there  might  be  times 
when  the  cost  benefit  for  large-scale  enterprise  pur¬ 
chases  is  undeniable  and  where  you  can  forge  an 
effective  working  relationship  with  the  vendor. 

But  if  you’re  driving  information  technology  in  a 
small  or  midsize  business, you  really  should  look  at 
the  benefits  and  advantages  of  doing  business  with 
your  local  white-box  vendor. The  benefits  can  be 
more  than  just  pricing. 

Sales  quotes  to  backspin@gibbs.com. 
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our  beta  software,"  gushed  Liquid  Machines  CEO  Jim  Schoonmaker,  who’s  pushing 
policy-based  security  that  protects  at  the  file  level  and  looks  nifty  at  the  trade-show 
level. 

“We’ve  seen  the  market  coming  to  us,"  bragged  Buzz  Bruggeman,  whose  Active- 
Word  Systems  promises  to  save  PC  users  time  and  money  by  saving  them  count¬ 
less  keystrokes.  Comes  with  a  cool,  personal  R0I  feature. 

"We’re  a  recessionary  product,"  boasted  ITWorx  CEO  Youssri  Helmy,  whose 
NetCelera  bandwidth-optimization  appliance  is  worth  a  look  for  those  still  angling  to 
cut  costs. 

A  quartet  of  seen-it-all  graybeards  on  hand  for  a  panel  discussion  were  happy  to 
accentuate  the  positive,  yet  they,  too,  had  words  of  caution. 

“Deals  are  getting  done,  but  not  on  the  terms  that  the  entrepreneurs  I  know  are 
happy  about,"  said  Mitch  Kapor,  long-ago  founder  of  Lotus  and  more  recently  a  ven¬ 
ture  capitalist  active  in  open  source. 

There  was  more  talk  about  incremental  advances  than  any  next  big  thing. 

"The  next  big  thing  is  all  the  little  things  that  make  things  work,"  said  Les  Vadasz, 
president  of  Intel  Capital.  If  the  show  had  an  overarching  theme,  it  was  just  that: 
making  the  things  we  have  work  better. 

For  example,  Kubi  Software  surrenders  to  the  reality  that  workers  live  in  their 
e-mail  by  letting  Microsoft  Outlook  and  Lotus  Notes  users  collaborate  in  groups 
using  those  familiar  interfaces.  Instead  of  forcing  them  into  another  application. 
Oddpost’s  snazzy  demo  of  its  Web-based  e-mail  service  kicked  the  stuffing  out  of 
my  preconceived  notion  that  no  one  would  pay  $30  for  what’s  been  a  freebie.  And 
Bloomba  from  Stata  Labs  looks  ready  to  bring  order  to  even  the  ugliest  in-box. 

Antispam  outfits  MailFrontier  and  Cloudmark  won  bravery  points  for  submitting  to 

,. veshow  Network  World  test,  but  the  results  reported  onstage  only  confirmed  sus¬ 


picions  of  filtering  skeptics  that  these  products  snag  too  many  legitimate  messages 
and  aren’t  all  that  good  at  weeding  out  junk.  Ironport  did  better  with  a  gateway  tool 
that  lets  network  administrators  easily  identify  the  biggest  spammers  and  block 
their  IP  addresses  by  the  thousands. 

Security  companies  such  as  BigFix  and  Preventsys  were  marching  the  ball  down- 
field,  too,  with  promising  products  that  speak  directly  to  problem^ of  the  day.  BigFix 
finds  and  patches  vulnerabilities  before  they  jump  up  and  bite  your  behind.  Prevent¬ 
sys  automatically  audits  network  elements  for  compliance  with  security  policies. 

Another  sign  of  sanity  returning  to  the  industry  was  that  this  Demo  featured  few 
tech  toys _ Those  that  were  shown  didn’t  leave  anyone  panting  for  more. 

TerraDigital’s  “digital  audio  jukebox”  uses  a  nifty  touchscreen  to  give  audiophiles 
easy  access  to  their  music  collections,  but  doesn’t  have  a  prayer  at  $895  a  pop. 

FullAudio,  which  learned  the  hard  way  that  young  people  won’t  pay  monthly  fees 
for  music,  has  a  clever  description  of  its  new  target  market  —  ’The  employed"  — 
but  will  find  that  crowd  no  more  anxious  to  pony  up. 

Lifescape’s  Picassa  Sharing  Network  promises  to  make  sending  digital  photos  to 
Grandma  a  snap  —  and  looks  idiotproof  —  which  means,  well . . .  grandparents  will 
be  happier  with  their  idiot  grandkids. 

The  most  eye-opening  demo  came  from  Digital  Sun,  whose  X.Sense  wireless  soil 
sensor  kept  an  onstage  patch  of  grass  from  being  flooded  by  a  broken  sprinkler 
head.  It  promises  big  savings  for  owners  of  automatic  irrigation  systems  and  looks 
like  a  bargain  at  $150. 

The  lamest  demo?  IBM’s  InfoScope  technology,  which  involved  a  woman  who 
doesn’t  speak  German  taking  a  digital  photo  of  a  subway  sign  written  in  German  in 
order  to  send  it  wirelessly  to  a  server  that  would  spit  back  a  translation. 

And  the  biggest  bomb:  WebEx.  Nothing  in  its  demo  worked,  including  the  presen¬ 
ter's  attempt  at  covering  up  with  nervous  laughter. 

Have  2  cents  of  your  oum?  The  address  is  buzz@nww.com. 


Introducing  the  NetVanta"  3000  Series  from  ADTRAN 


■  Cost-effective  access 
routing  for  branch  office 
connectivity  and 
Internet  access 

■  Recognizable  Command 
Line  Interface  (CLI) 

■  No  retraining  or 
costly  certification 

■  Built-in  stateful 
inspection  firewall 

■  Interoperable  with  other 
standards-based  routers 

■  Optional  PBX  connectivity 

■  Optional  dial 
backup  system 

■  Built-in  DSU/CSU  for 
WAN  termination 

■  Free  24x7  telephone 
technical  support 

■  Optional  extended 
installation  and 
maintenance  program 


This  powerful  new  access  router  from  ADTRAN  is  everything  you 
need  in  a  router,  and  then  some,  at  a  cost  that’s  up  to  55  percent 
less  than  other  brand  name  routers.  This  high-quality,  low-cost 
alternative  features  a  stateful  inspection  firewall,  a  DSU/CSU,  and  a 
familiar  CLI.  Comprehensive  dial  backup  and  PBX  connectivity  are 
available  at  a  minimal  cost.  Interoperable  with  other  standards-based 
routers,  the  NetVanta  3000  Series  fits  seamlessly  into  your  existing 
network.  Backed  by  unlimited  telephone  support  and  a  5 -year 
warranty,  the  NetVanta  3000  Series  is  clearly  the  intelligent  choice. 

New  vendor  to  routing?  No  way!  ADTRAN  has  incorporated  its 
router  technology  into  selected  WAN  connectivity  products  for  the 
past  five  years;  with  more  than  75,000  now  installed  in  networks 
around  the  world.  The  NetVanta  3000  Series  is  the  latest  in  a  long 
line  of  market-leading  internetworking  and  connectivity  solutions, 
from  a  company  with  a  17-year  history  of  customer  satisfaction. 

Dare  to  compare  the  new  NetVanta  3000  Series! 

www.acftran.com/info/Pnetvanta3000 

877.212.0327  Technical  Questions 

877.280.8416  Where  to  Buy 
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It's  so  far  forward,  it's  a  shame  to  call  it  backup. 


Apparently  the  word  is  out  everywhere.  BrightStor™  ARCserve®  Backup  is  among  the  most  reliable  and  widely  used 
backup  solutions  in  the  world.  In  fact,  hundreds  of  thousands  of  people  rely  on  BrightStor  ARCserve  Backup 
technology  to  protect  their  critical  servers.  Now  we've  created  BrightStor™  ARCserve'  Backup  v9,  the  most  advanced 
version  ever.  As  part  of  the  BrightStor™  line  of  storage  management  solutions,  BrightStor  ARCserve  Backup  v9  is  amazingly  powerful  yet 
one  of  the  simplest  to  use  and  easiest  to  install  solutions  out  there.  In  fact,  most  users  can  perform  their  first  backup  within  20  minutes 
of  start-up.  And  that  means  it's  the  perfect  backup  software  choice  for,  well,  just  about  everyone.  ca.com/brightstor/arcserve9 
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